Number: AV17-054
Date: 20 April 2017
Purpose
The purpose of this advisory is to bring attention to multiple Cisco security advisories.
Assessment
Cisco released multiple security updates to address vulnerabilities in the following products.
- Cisco Unified Communications Manager Denial of Service Vulnerability
- Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability
- Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities
- Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability
- Cisco ASA Software SSL/TLS Denial of Service Vulnerability
- Cisco ASA Software IPsec Denial of Service Vulnerability
- Cisco ASA Software DNS Denial of Service Vulnerability.
CVE References:
Critical: CVE-2017-5638
High: CVE-2017-3860, CVE-2017-3861, CVE-2017-3862, CVE-2017-3863, CVE-2017-3808, CVE-2016-6368, CVE-2017-6607, CVE-2017-6608, CVE-2017-6609, CVE-2017-6610
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
https://tools.cisco.com/security/center/publicationListing.x