Cisco Flags Vulnerabilities In VPN Clients, IP Phones
According to Cisco, the Mobility Client, formerly known as the Cisco AnyConnect VPN Client, is affected by an arbitrary program execution vulnerability and a local privilege escalation vulnerability. Cisco is providing free software updates to address both vulnerabilities.
The arbitrary program execution vulnerability affects all Microsoft Windows versions of the client prior to 2.3.185, and all Linux and Apple Mac OSX versions of the client other than 2.5.x and 3.0.x, as well as 2.5.x releases prior to 2.5.3041 and 3.0.x releases prior to 3.0.629. The local privilege escalation vulnerability affects all Windows versions of the client prior to 2.3.254. Linux and Mac OSX versions aren't affected.
Cisco added that Microsoft Windows Mobile versions of the arbitrary program execution vulnerability are affected, and that Cisco has no plans to provide fixed versions of AnyConnect Secure Mobility Client for Windows Mobile.
Three vulnerabilities affect Cisco Unified IP Phones 7900 Series devices, which could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software, according to Cisco. The vulnerabilities are described as two privilege escalation vulnerabilities and one signature bypass vulnerability. Cisco has released a free software update to address each, and only the 7900 Series phones are affected.
Elsewhere, Cisco said that Network Registrar Software Releases prior to version 7.2 contain a default password for the administrative account that users are not forced to change, leaving the platform open to potential attack. Cisco is not making a 7.2 release upgrade for free, although it has made a workaround available, described in Cisco's security advisory.
Finally, Cisco confirmed a vulnerability in Cisco Media Experience Engine 5600 devices running Cisco Media Processing Software releases prior to 1.2. Those specific releases ship with a root administrator account that is enabled by default with a default password, according to Cisco, meaning that an authorized user could gain control of the device. Cisco isn't making a software upgrade available; rather, users can change the root account password by issuing a configuration command on affected engines.
Cisco makes regular, publicly available security advisories on its product lines. In late May, Cisco disclosed vulnerabilities in its IOS XR software, and a month earlier, warned users of vulnerabilities in its Unified Communications Manager and wireless LAN controllers.