Cisco security updates

Number: AV17-107
Date: 21 July 2017

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Cisco released multiple security updates to address vulnerabilities (high to medium) in the following products.

Cisco ASR 5000 Series Aggregation Services Routers: GGSN Gateway Redirect Vulnerability
Cisco ASR 5000 Series Aggregation Services Routers: Access Control List Security Bypass Vulnerability
Cisco Prime Collaboration Provisioning Tool Web Portal: Cross-Site Scripting Vulnerability
Cisco Web Security Appliance: Authenticated Command Injection and Privilege Escalation Vulnerability
Cisco Web Security Appliance: Stored Cross-Site Scripting Vulnerability
Cisco Web Security Appliance: Static Credentials Vulnerability
Cisco Web Security Appliance: Administrative Interface Access Control Bypass Vulnerability
Cisco Web Security Appliance: Command Injection and Privilege Escalation Vulnerability

CVE References: CVE-2017-6612, CVE-2017-6672, CVE-2017-6746, CVE-2017-6748, CVE-2017-6749, CVE-2017-6750, CVE-2017-6751, CVE-2017-6755

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly