Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Cisco security advisory

Number: AV18-143
Date: 29 August 2018

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address several vulnerabilities in various products.

Affected Products:

  • Cisco Identity Services Engine (ISE)
  • Cisco Unified Intelligence Center
  • Cisco Emergency Responder
  • Cisco Hosted Collaboration Solution for Contact Center
  • Cisco Unified Communications Manager IM & Presence Service (formerly CUPS)
  • Cisco Unified Communications Manager
  • Cisco Unified Contact Center Enterprise
  • Cisco Unified Intelligent Contact Management Enterprise
  • Cisco Unified SIP Proxy Software
  • Cisco Unified Survivable Remote Site Telephony Manager
  • Cisco Unity Connection
  • Cisco Video Distribution Suite for Internet Streaming (VDS-IS)
  • Cisco Network Performance Analysis
  • Cisco Data Center Network Manager (DCNM) software releases prior to 11.0(1)
  • Cisco Tetration Analytics
  • Cisco Firepower Threat Defense (FTD) Software
  • Cisco Identity Services Engine (ISE)
  • Cisco Prime Collaboration Assurance
  • Cisco Prime Collaboration Deployment
  • Cisco Prime Collaboration Provisioning
  • Cisco Prime Infrastructure
  • Cisco IOS XE Software
  • Cisco Network Assurance Engine
  • Cisco Nexus 3000 Series Switches
  • Cisco Nexus 9000 Series Switches - Standalone, NX-OS mode
  • Cisco UCS Standalone C-Series Rack Server - Integrated Management Controller
  • Cisco Emergency Responder
  • Cisco IP Phone 7800 Series
  • Cisco Paging Server
  • Cisco Unity Connection
  • Cisco TelePresence Conductor
  • Cisco Video Surveillance 8000 Series IP Cameras
  • Cisco Aironet 1560 Series Access Points
  • Cisco Aironet 1815 Series Access Points
  • Cisco Aironet 2800 Series Access Points
  • Cisco Aironet 3800 Series Access Points
  • Cisco 4000 Series Integrated Services Routers (IOS XE Open Service Containers)
  • Cisco ASR 1000 Series Aggregation Services Router with RP2 or RP3 (IOS XE Open Service Containers)
  • Cisco ASR 1001-HX Series Aggregation Services Routers (IOS XE Open Service Containers)
  • Cisco ASR 1001-X Series Aggregation Services Routers (IOS XE Open Service Containers)
  • Cisco ASR 1002-HX Series Aggregation Services Routers (IOS XE Open Service Containers)
  • Cisco ASR 1002-X Series Aggregation Services Routers (IOS XE Open Service Containers)
  • Cisco Cloud Services Router 1000V Series (IOS XE Open Service Containers)
  • Cisco Nexus 3000 Series Switches
  • Cisco Nexus 3500 Series Switches
  • Cisco Nexus 5000 Series Switches
  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 9000 Series Switches - Standalone, NX-OS mode
  • Cisco C880 M4 Server
  • Cisco C880 M5 Server
  • Cisco Enterprise NFV Infrastructure Software (NFVIS)
  • Cisco UCS B-Series M2 Blade Servers
  • Cisco UCS B-Series M3 Blade Servers - Managed
  • Cisco UCS B-Series M4 Blade Servers (except B260, B460)
  • Cisco UCS B-Series M5 Blade Servers
  • Cisco UCS C-Series M2 Rack Servers
  • Cisco UCS C-Series M3 Rack Servers - Managed
  • Cisco UCS C-Series M3 Rack Servers - Standalone
  • Cisco UCS C-Series M4 Rack Servers (except C460) - Standalone 1
  • Cisco UCS C-Series M4 Rack Servers (except C460) -Managed 1
  • Cisco UCS C-Series M5 Rack Servers - Managed 1
  • Cisco UCS C-Series M5 Rack Servers -Standalone 1
  • Cisco UCS E-Series Servers
  • Cisco UCS S3260 M4 Storage Server
  • Cisco Remote Expert Mobile
  • Cisco Video Surveillance Media Server
  • Cisco Metacloud

CVE References:
CVE-2018-0464, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646, CVE-2018-5391, CVE-2018-11776

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://tools.cisco.com/security/center/publicationListing.x
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

Date modified: