Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Cisco security updates

Number: AV18-119
Date: 18 July 2018

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address several vulnerabilities in various Cisco products.

Affected Products:
- Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode DHCP Version 6 Denial of Service Vulnerability
- Cisco Policy Suite Cluster Manager Default Password Vulnerability
- Cisco Policy Suite OSGi Interface InterfaceA boundary across which two systems communicate. An interface might be a hardware connector used to link to other devices, or it might be a convention used to allow communication between two software systems. Unauthenticated Access Vulnerability
- Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability
- Cisco SD-WAN Solution Arbitrary File Overwrite OverwriteTo write or copy new data over existing data. The data that was overwritten cannot be retrieved. Vulnerability
- Cisco SD-WAN Solution CLI Command Injection Vulnerability
- Cisco SD-WAN Solution Command Injection Vulnerability
- Cisco SD-WAN Solution Command Injection Vulnerability
- Cisco SD-WAN Solution Configuration and Management Database Remote Code Execution Vulnerability
- Multiple Vulnerabilities in Cisco Finesse
- Cisco SD-WAN Solution Remote Code Execution Vulnerability
- Cisco SD-WAN Solution VPN VPNSee virtual private network. Subsystem Command Injection Vulnerability
- Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
- Cisco SD-WAN Solution Zero Touch Provisioning Command Injection Vulnerability
- Cisco SD-WAN Solution Zero Touch Provisioning Denial of Service Vulnerability
- Cisco Unified Communications Manager IM And Presence Service Cross-Site Scripting Vulnerability
- Cisco Webex DOM-Based Cross-Site Scripting Vulnerability
- Cisco Webex Network Recording Players Denial of Service Vulnerabilities
- Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities
- Cisco Webex Teams Remote Code Execution Vulnerability
- Multiple Vulnerabilities in Cisco Unified Contact Center Express
- Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability
- Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Code injectionIntroducing malicious code into a computer program by taking advantage of a flaw in the program, or in the way it interprets data input by users. Vulnerability
- Cisco Policy Suite Read-Only User Effect Change Vulnerability
- Cisco Policy Suite World-Readable Sensitive Data Vulnerability
- Cisco SD-WAN Solution Local Buffer Overflow Vulnerability

CVE References: CVE-2018-0342, CVE-2018-0343, CVE-2018-0344, CVE-2018-0345, CVE-2018-0346, CVE-2018-0347, CVE-2018-0348, CVE-2018-0349, CVE-2018-0350, CVE-2018-0351, CVE-2018-0372, CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, CVE-2018-0377, CVE-2018-0379, CVE-2018-0380, CVE-2018-0387, CVE-2018-0390, CVE-2018-0392, CVE-2018-0393, CVE-2018-0394, CVE-2018-0396, CVE-2018-0398, CVE-2018-0399, CVE-2018-0400, CVE-2018-0401, CVE-2018-0402, CVE-2018-0403

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-data
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-finesse
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-csp2100-injection
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ucmim-ps-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-DOM-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-teams-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-pspb-unauth-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos

Date modified: