Vulnerability on Cisco Devices!!!

I would like to know the best solution for these three issues on my Cisco devices (pix 515e, asa5510, sw 2960s) detected by the Security Metrics Vision Vulnerability Scan:
1. SSL server accepts weak ciphers.
2. SSL certificate is signed with weak hash function: MD5.
3. TLS Protocol Session Renegotiation Security Vulnerability.
Thank you for any assistance!!!
Orlando

> 1. SSL server accepts weak ciphers.
Specify just the ciphersuites you like, e.g.
    ssl encryption aes256-sha1 3des-sha1
I'm not sure about (2) and (3); open a TAC with Cisco; they may not be possible to work around on the current software.
-- Jim Leinweber, WI State Lab of Hygiene
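
The `ssl encryption` restriction suggested in the reply above can be checked across saved configurations before the next scan. The following is an added example, not part of the original thread and not Cisco tooling; the sample configurations are constructed, and the "weak" policy (single DES, RC4, NULL, MD5) is an assumption to adjust to your own standard.

```python
import re

# Assumed policy for this example: names containing these markers are unwanted.
WEAK_MARKERS = ("rc4", "null", "md5")

def is_weak(alg):
    """Return True if an `ssl encryption` algorithm name violates the policy."""
    name = alg.lower()
    # "des-sha1" is single DES; "3des-sha1" must not be caught by the same test.
    if re.match(r"des\b", name):
        return True
    return any(marker in name for marker in WEAK_MARKERS)

def audit_ssl_encryption(config_text):
    """Audit the `ssl encryption` lines of a saved ASA-style configuration.

    Returns a dict: 'configured' is False when no such line exists (the
    device then runs on its platform defaults, which need a separate check),
    'allowed' lists every algorithm named, 'weak' lists the policy violations.
    """
    allowed = []
    configured = False
    for line in config_text.splitlines():
        # Anchored at line start so "no ssl encryption ..." is not counted.
        m = re.match(r"\s*ssl encryption\s+(.+)$", line)
        if m:
            configured = True
            allowed.extend(m.group(1).split())
    weak = [a for a in allowed if is_weak(a)]
    return {"configured": configured, "allowed": allowed, "weak": weak}

# Constructed sample configurations (not taken from any real device).
SAMPLE_BEFORE = """\
hostname fw-example
ssl encryption rc4-md5 des-sha1 aes128-sha1 3des-sha1
"""
SAMPLE_AFTER = """\
hostname fw-example
ssl encryption aes256-sha1 3des-sha1
"""

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        result = audit_ssl_encryption(cfg)
        print(label, "weak:", result["weak"] or "none")
```
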

Similar Messages

  • What cisco device relate to vxworks vulnerable

    Many SPs in China are checking VxWorks-vulnerability-related hardware and OS. I didn't find related information on the Cisco web site, including the Cisco security vulnerabilities!
    Where can I find VxWorks vulnerabilities related to Cisco devices?
    Thank you

    Hi, thank you!
    I searched CCO and found that the IP Phone 7920 has VxWorks:
    http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
    but this is a 2005 security advisory.

  • Bash vulnerability bash CVE-2014-6271 on Cisco devices

    Hi, all,
    Does anybody know whether any Cisco devices are vulnerable to the recent bash CVE-2014-6271? I am especially concerned about the ASA, which opens https to the public.
    Thanks,

    Have a look here: 
    http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_Bash_09252014.html
    and here:
    http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140926-bash
    Under affected products. 

  • Help remove Vulnerability on Cisco concentrator

    Hi, our last security scan came back with this vulnerability. Does anyone know how to reduce the threat?
    Cisco Internet Key Exchange Denial of Service Vulnerability
    THREAT:
    Cisco Internet Key Exchange (IKE) is exposed to a denial of service issue. This issue affects devices implementing IKE Version 1, and is due to resource exhaustion when handling a high rate of IKE requests. An attack of 10 packets per second at 122 bytes each is sufficient to cause denial of service conditions.
    Cisco is tracking these issues with the following Bug IDs:
    * CSCse70811 for Cisco IOS software
    * CSCse89808 for Cisco VPN 3000 Concentrators
    * CSCsb51032 for Cisco PIX firewalls
    IMPACT:
    A successful attack may lead to denial of service to legitimate users.
    SOLUTION:
    Cisco has information on a mitigation technique only for Cisco IOS software affected by this issue. Refer to Cisco Security Response 70810 for further details.
    COMPLIANCE:
    Not Applicable
    RESULT:
    Detected service isakmp and os Cisco VPN 3000 Concentrator
    http://www.cisco.com/warp/public/707/cisco-sr-20060726-ike.shtml

    You can turn it off so that no tunnel can ever negotiate to use it, but you can't disable it entirely. You can deactivate all IKE proposals that have DES encryption specified, leaving only the IKE proposals that have 3DES or AES. Go to: Configuration | Tunneling and Security | IPSec | IKE Proposals
    and deactivate any and all IKE Proposals that reference DES.

  • Unable to open 2 9509 switches at the same time in Cisco Device Manager

    Dear Friends,
    There are a pair of MDS 9509 switches whose management addresses are 172.16.2.197 and 172.16.2.198.
    When we try to manage these Devices through Cisco device manager, the first device opens up without any problem, but when the second 9509 is opened in Cisco Device Manager, it fails giving the following error message:
    "Open udp transport failed: Address already in use: Cannot bind"
    To get around this issue, if we close the first interface to the 9509 switch, then we are able to open up the second 9509 in Device Manager.
    We have this problem only in Cisco device manager. If we open one switch in Cisco device manager and the other switch in Cisco Fabric Manager, it works.
    Also, we can telnet to both the devices successfully at a time.
    The device manager in use is 4.1.
    Please find enclosed the sh version outputs for your kind reference.
    Can you please help me understand the cause of this issue?
    Thanks a lot
    Gautam

    Is it always the same MDS that fails to open, or can you open either one first, and then the second one poses the problem (no matter which one is second)?
    Can you try from a second workstation and see if you can open DM to both switches at the same time? I suspect the address it is complaining about is the local workstation IP, not the MDS IP.
    If you open the FM map, then you click on the MDS ICONs, can you open DM to both MDS?
    - Mike

  • Cisco devices that support Multicast traffic?

    Folks,
    I am looking for list of Cisco devices that support Multicast traffic. Does anyone know how to get this information?
    Thanks,
    Nagesh 

    Cisco Feature Navigator

  • Archive process hung on all cisco devices - help

    I have Archive set up on all of my devices in the environment to archive configs via tftp to a server on the network. A teammate of mine elected to down that box because they "did not know what it was." Now I have a process hung on every one of my Cisco devices that is preventing the archive from performing. I am hoping to find a way to stop this process short of a rebuild of every one of my devices.
     PID QTy       PC Runtime(ms)    Invoked   uSecs    Stacks TTY Process
     295 Lsa  1E3BD48           0         23       0 4404/6000   0 Archive Config
    Jan  2 10:26:53: %ARCHIVE_CONFIG-4-ARCHIVE_SKIPPED: Archive of router configuration was skipped due to a previous initiation.

    Apologies, I assume most would realize this... but I meant to say "short of a REBOOT of every ONE of my devices". Symptom of too many things at once. Thanks.

  • ISE version 1.0 - Unable to get management access for cisco devices

    Hi All,
    I want to manage all Cisco devices with read and write privilege with ISE 1.0.
    Is this functionality available in this version?
    I configured the 2960 switch. On the switch the RADIUS test is successful. When I telnet to the switch, it asks for username and password, but the message is authorization fail. But ISE shows authentication is successful.
    Is it a configuration issue, or is this feature not available in this version?
    Regards,
    Hanumant

    Hanumant,
    You will have to create an authorization profile to send back the privilege level for the user:
    Here is the attribute (cisco-av-pair) you will have to send back:
    shell:priv-lvl=xx

  • Automatic back up on Cisco devices

    I am planning to do the automatic configuration on all my network devices. I had successfully implemented automatic backup configuration on routers and switches with kron policy, but I am not able to configure the same on ACS, ACE, the ASA firewall and ISE.
    All are Cisco devices. I am able to configure kron policy on ACS but the backup was not working. Kindly suggest how to configure automatic backup on the above-said devices.

    With the archive command we had a bug in Cisco. It is not taking the backup correctly as per the time configuration. Right, I am looking for freeware to take the backup locally with my Windows machine.
    Marvin's option was good, but we need a Linux server (a VM needs to be created) and also the network is not much aware of Linux commands. So it's difficult for us to implement without much knowledge about Linux.
    I had implemented kron policy, but it's working fine for routers and switches only; then I had a problem taking backups of ACS, ISE, ACE and the firewall. The automatic backup tool should be unique.

  • Which cisco device to register a 7921g to?

    What Cisco devices are capable of registering a 7921g wifi IP phone?
    I think I can do it with a uc520, for example, but would there be any other smaller device?
    I have a Cisco srp527 which gives me DSL connection, and I'm trying to connect it with some Cisco device which I can register the 7921g against.
    I would appreciate some advice
    Thank you in advance
    Javier

    If you have a cisco router that runs CME (Call Manager Xpress) then you can register your 7921 on to it
    Here are the basic steps for that
    https://learningnetwork.cisco.com/servlet/JiveServlet/previewBody/6346-102-1-20737/CCNA-Voice%20VoIP.pdf
    I am not too sure about SME products you mentioned
    HTH
    Rasika
    ****Pls rate all useful responses *****

  • Non-Cisco devices support in LMS 4.1

    Hi! How could I import a third party MIB file for my devices? Is there any guide/manual for working with non-Cisco devices?

    Specifically which module are you talking about?
    The most flexible module is HUM, which has support for third party devices.
    Most modules do not support non-Cisco devices; the complete list is here:
    http://www.cisco.com/en/US/products/ps11200/products_device_support_tables_list.html
    Regards
    Farrukh

  • How can I restore out of box configuration on Cisco device?

    Hello,
    The new Cisco devices (routers and switches) are coming with some default (out of box) configuration, but not without configuration, not with blank configuration.
    I realized that there is some command that can restore the default configuration. But I can't find it.
    What is this command? Does anyone know it?
    Thanks in advance!
    Best Regards,
    Tsvety

    Mike's suggestion was correct. I would only add that one needs to erase vlan.dat if you have a switch that was used elsewhere. Cisco procedure linked here (for switches) and here (for routers).
    Even a brand new factory-fresh box will have SOME configuration bits on it. A skeleton configuration - the default VLAN 1, empty interface definitions, etc. will always be there. The only way to remove everything would be to erase flash altogether forcing one to boot in rommon (not very useful).

  • Change hostname on Cisco devices that are in production

    I'm new to Cisco devices and to my current job as network analyst. Mostly in an attempt to establish consistency and to ease identification, I'd like to change the hostname of most of our Cisco switches and routers. However, I don't want to create any other problems.
    If I proceed with the hostname change on our Cisco devices that are in production, would there be any negative impact that I may expect?
    Thanks in advance!

    Hi
    Couple of things spring to mind
    1) DNS resolution. How do you resolve the hostnames for your routers/switches now? If you do it via DNS then you need to update it to reflect the new name.
    2) Any scripts etc. that you may use to automate tasks on your network may need updating, although if they use DNS to resolve just see 1.
    3) SSH. If you are using SSH to manage your routers/switches and you change the hostname the ssh key will become invalid. You will need to regenerate the key.
    HTH
    Jon

  • How to install Cisco Device Manager on Windows 7

    Hello
    Is Cisco Device Manager supported on Windows 7?
    If yes, how to install Cisco Device Manager on Windows 7?
    Please advise
    Thanks
    Chetan R

    You can install the latest DCNM 5.x  for support, please see here:
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/dcnm/release/notes/dcnm_5_1_relnotes.html#wp179665
    Support for Windows 7 and Windows 2008
    In Cisco DCNM Release 5.1(3u), the Cisco DCNM server supports Windows 2008 and the Cisco DCNM client support Windows 7.
    You can download the DCNM from the Software Download. Device Manager is bundled in DCNM.
    For DCNM-SAN installation please see here:
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/dcnm/installation/guide/inst_troubleshoot.html
    I hope this helps.
    Carlos

  • What non cisco devices can be monitored by MARS

    We are in the process of purchasing the MARS 110R and were wondering what other non-Cisco devices on our network can be monitored by MARS, for instance our Exchange servers.

    You can monitor the security event logs (as well as most other windows event logs) using MARS. I'm not sure it understands Exchange specific event logs, but it should be able to parse the normal authentications that take place in an Exchange environment (and are logged to the security event log). Here is the list:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/4.3/compatibility/local_controller/dtlc43x.html
