Number: AV18-084
Date: 17 May 2018
Purpose
The purpose of this advisory is to bring attention to multiple Cisco security advisories.
Assessment
Cisco released multiple security updates to address vulnerabilities, rated medium to critical in severity, in various Cisco products.
Affected Products:
- Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability
- Cisco Digital Network Architecture Center Authentication Bypass Vulnerability
- Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
- Cisco Enterprise NFV Infrastructure Software Web Management Interface Path Traversal Vulnerability
- Cisco IP Phone 7800 Series and 8800 Series Denial of Service Vulnerability
- Cisco Firepower Threat Defense Software Policy Bypass Vulnerability
- Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability
- Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability
- Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability
- Cisco Digital Network Architecture Center Unauthorized Access Vulnerability
- Cisco SocialMiner Notification System Denial of Service Vulnerability
- Cisco TelePresence Server Cross-Frame Scripting Vulnerability
- Cisco Meeting Server Media Services Denial of Service Vulnerability
- CPU Side-Channel Information Disclosure Vulnerabilities
CVE References: CVE-2018-0222, CVE-2018-0268, CVE-2018-0270, CVE-2018-0271, CVE-2018-0277, CVE-2018-0279, CVE-2018-0289, CVE-2018-0290, CVE-2018-0297, CVE-2018-0323, CVE-2018-0324, CVE-2018-0325, CVE-2018-0327, CVE-2018-0328, CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-cli-command-injection
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-firepwr-pb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-iseeap
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-fnd
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-telepres-xfs
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel