The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow a local unauthenticated user to execute arbitrary commands with escalated privileges or cause a denial-of-service (DoS) condition. These vulnerabilities affect the following:
- Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
- Cisco TelePresence System Software Command Execution Vulnerability
- Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply any necessary updates to help mitigate these vulnerabilities.
Google has released Google Chrome 32.0.1700.95 for all Chrome OS devices (except Chromebook Pixel), Google Chrome 32.0.1700.76 for Windows and Chrome Frame, and Google Chrome 32.0.1700.77 for Mac and Linux to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition, spoof the address bar, or execute arbitrary code.
US-CERT encourages users and administrators to review the Google Chrome release blog and follow best-practice security policies to determine which updates should be applied.
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Secure Access Control System (ACS). These vulnerabilities affect the following:
- Cisco Secure ACS RMI Privilege Escalation Vulnerability
- Cisco Secure ACS RMI Unauthenticated User Access Vulnerability
- Cisco Secure ACS RMI Operating System Command Injection Vulnerability
Successful exploitation could allow a remote, unauthenticated attacker to perform administrative actions on the system.
US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply any necessary updates to help mitigate the risk.