Cisco patches three DoS-related flaws

News by Doug Olenick

An email sent out to the social media management platform's users addressed three DDoS attack related flaws and provided a patch.

Cisco released updates for a trio of products with flaws that, if exploited, could lead to a denial of service (DoS) condition in each.

The first of the three high-rated vulnerabilities (CVE-2018-0296) is in Cisco AsyncOS Software for Cisco Web Security Appliances. The flaw could allow an unauthenticated attacker to create a scenario where a device reloads automatically, resulting in a DoS condition. There is also a possibility the attacker can stop the reload condition but allow the actor to view sensitive information using directory traversal techniques, Cisco said.

The second issue (CVE-2018-0409) affects the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway. If exploited, it could let a malicious actor cause a temporary service outage for all IM&P users, resulting in a DoS situation.

The final vulnerability (CVE-2018-0296) involves Cisco's Adaptive Security Appliance and is similar to the first problem in that it can cause unwanted reloads, creating a DoS condition, and could again allow information to be released, Cisco reported.

Updates that mitigate these flaws are available for all three products.
