Cisco Support Community

Found Vulnerabilities in NAM-2

We have an audit going on in our network. The audit team found a few vulnerabilities with the help of the Nessus tool in our WS-SVC-NAM-2 module, which is inserted in a Cisco Catalyst 6513 switch.

NAM details are as follows:

NAM application image version: 5.1(1) RELEASE SOFTWARE [fc7]

Maintenance image version: 2.1(5)

NAM Daughter Card Micro code version: 1.34.1.28 (NAM)

BIOS Version: 4.0-Rel 6.0.9

PID: WS-SVC-NAM-2

Memory size: 1024 MB

Disk 0 size: 40 GB

Installed patches:

Vulnerabilities are as follows:

1. The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML to be executed in a user’s browser within the security context of the affected site.

2. It was observed that the remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript, due to which an attacker may be able to cause arbitrary HTML and script code to be executed.

3. NTP ntpd Mode 7 Error Response Packet Loop Remote DoS.

While searching Cisco.com, I found the following bug regarding web server vulnerabilities.

Bug ID: CSCsi10818

URL: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi10818&from=summary

I'm not able to understand why we are getting this vulnerability in v5.1. Do we have any information about the NTP vulnerability? If yes, how do we fix all these vulnerabilities?

Thanks in advance.
