=====================================================================

                           CERT-Renater

               Note d'Information No. 2013/VULN455
_____________________________________________________________________

DATE                : 10/10/2013

HARDWARE PLATFORM(S):  Cisco Firewall Services Module for Cisco
                        Catalyst 6500 Series Switches and Cisco 7600
                        Series Routers.

OPERATING SYSTEM(S):  Cisco Firewall Services Module Software.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm
______________________________________________________________________

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall
Services Module Software

Advisory ID: cisco-sa-20131009-fwsm

Revision 1.0

For Public Release 2013 October 9 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500
Series Switches and Cisco 7600 Series Routers is affected by the
following vulnerabilities:

    Cisco FWSM Command Authorization Vulnerability
    SQL*Net Inspection Engine Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that is
affected by one of the vulnerabilities may not be affected by the other.

Successful exploitation of the Cisco FWSM Command Authorization
Vulnerability may result in a complete compromise of the
confidentiality, integrity and availability of the affected system.
Successful exploitation of the SQL*Net Inspection Engine Denial of
Service Vulnerability may result in a reload of an affected device,
leading to a denial of service (DoS) condition.

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are
available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm

Note: The Cisco Adaptive Security Appliance (ASA) may be affected by
the SQL*Net Inspection Engine Denial of Service Vulnerability. A
separate Cisco Security Advisory has been published to disclose the
vulnerabilities that affect the Cisco ASA. That advisory is available
at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================