- Wed, 26 Oct 2011 09:00:00 PST
Effective October 18, 2011, Cisco has replaced the existing RSS feeds for Cisco Security Advisories. The new RSS feeds for Cisco Security Advisories are available at http://tools.cisco.com/security/center/psirtrss10/CiscoSecurityAdvisory.xml and http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml. The existing RSS feeds will continue to function until November 19, 2011. They will not receive updates after this date.
- Wed, 26 Oct 2011 08:00:00 PST
A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.
- Wed, 26 Oct 2011 08:00:00 PST
Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem. 
- Wed, 26 Oct 2011 08:00:00 PST
Cisco Unified Communications Manager contains a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem. 
- Wed, 26 Oct 2011 08:00:00 PST
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.
- Wed, 26 Oct 2011 08:00:00 PST
Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device. These vulnerabilities are in a third-party library (Oracle Outside In) and are documented in CERT-CC Vulnerability Note VU#520721 at http://www.kb.cert.org/vuls/id/520721
- Wed, 19 Oct 2011 08:00:00 PST
The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities. 
- Wed, 19 Oct 2011 08:00:00 PST
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.
- Wed, 12 Oct 2011 10:30:00 PST
A vulnerability exists in Cisco TelePresence Video Communication Server (VCS) due to improper validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the HTTP User-Agent header is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote attacker could exploit this vulnerability to perform reflected cross-site scripting attacks.
- Tue, 11 Oct 2011 11:15:00 PST
A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. 
- Mon, 10 Oct 2011 12:20:00 PST
The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports.
- Wed, 05 Oct 2011 13:45:00 PST
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:
- Wed, 05 Oct 2011 08:00:00 PST
The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:
- Wed, 05 Oct 2011 08:00:00 PST
Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information.
