Cisco IOS Memory Disclosure Weakness

by Carol~ Moderator - 5/17/13 1:33 PM

In Reply to: VULNERABILITIES / FIXES - May 17, 2013 by Carol~ Moderator

Release Date : 2013-05-16
Last Update : 2013-05-17

Criticality level : Not critical
Impact: Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Operating System : Cisco IOS 15.3

Description:
A weakness has been reported in Cisco IOS, which can be exploited by malicious people to disclose potentially sensitive information.

The weakness is caused due to an error when processing HTTP and can be exploited to disclose the contents of arbitrary memory via a specially crafted WebEx node request.

The weakness is reported in version 15.3(1)S. Prior versions may also be affected.

Solution:
Update to version 15.3(1)S2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco (CSCug61252, CSCuf17466):
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232

http://secunia.com/advisories/53461