Cisco Releases Security Updates

Number: AV17-022
Date: 14 February 2017

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities, rated critical to medium in impact, covered by the following Cisco security advisories:

  • Cisco WebEx Browser Extension Remote Code Execution Vulnerability
  • Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability
  • Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability
  • Vulnerability in GNU glibc Affecting Cisco Products: February 2016
  • Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
  • Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January 2017
  • OSPF LSA Manipulation Vulnerability in Multiple Cisco Products

CVE References:
Critical Impact CVE: CVE-2017-3823
High Impact CVE: CVE-2015-7547, CVE-2017-3807, CVE-2017-3813
Medium Impact CVE: CVE-2013-0149, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
