Cisco Releases Security Updates

Number: AV17-072
Date: 20 May 2017

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities, rated from critical to medium, in the following products:

  • Cisco Identity Services Engine GUI Denial of Service Vulnerability
  • Cisco Industrial Ethernet 1000 Series Switches Device Manager Cross-Site Request Forgery Vulnerability
  • Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
  • Cisco Policy Suite Privilege Escalation Vulnerability
  • Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
  • Cisco TelePresence IX5000 Series Directory Traversal Vulnerability
  • Cisco FirePOWER System Software SSL Logging Denial of Service Vulnerability
  • Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities
  • Cisco Nexus 5000 Series Switches CLI Command Injection Vulnerability
  • Cisco Nexus 5000 Series Switches Telnet CLI Command Injection Vulnerability
  • Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
  • Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability
  • Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
  • Cisco Remote Expert Manager Denial of Service Vulnerability
  • Cisco Remote Expert Manager Information Disclosure Vulnerability
  • Cisco Remote Expert Manager Virtual Directory Information Disclosure Vulnerability
  • Cisco Remote Expert Manager Information Disclosure Vulnerability
  • Cisco Remote Expert Manager Virtual Temporary Directory Information Disclosure Vulnerability
  • Cisco Remote Expert Manager Order Information Disclosure Vulnerability
  • Cisco Remote Expert Manager Temporary File Information Disclosure Vulnerability
  • Cisco IP Phone 8851 Session Initiation Protocol Denial of Service Vulnerability
  • Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
  • Cisco UCS C-Series Rack Servers TCP Port Denial of Service Vulnerability

CVE References:
Critical Impact CVE: CVE-2017-6622
High Impact CVEs: CVE-2017-6623, CVE-2017-6621, CVE-2017-6652
Medium Impact CVEs: CVE-2017-6634, CVE-2017-6632, CVE-2017-6653, CVE-2017-6657, CVE-2017-6658, CVE-2017-6649, CVE-2017-6650, CVE-2017-6635, CVE-2017-6636, CVE-2017-6637, CVE-2017-6641, CVE-2017-6642, CVE-2017-6643, CVE-2017-6644, CVE-2017-6645, CVE-2017-6646, CVE-2017-6647, CVE-2017-6630, CVE-2017-6654, CVE-2017-6633

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
