Cisco security updates

Number: AV17-181
Date: 30 November 2017

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities (medium to critical) in the following products.

• Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
• Multiple Vulnerabilities in Cisco Data Center Network Manager Software
• Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
• Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability
• Cisco WebEx Meeting Center URL Redirection Vulnerability
• Cisco WebEx Event Center Information Disclosure Vulnerability
• Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability
• Cisco WebEx Network Recording Player Denial of Service Vulnerability
• Multiple Vulnerabilities in Cisco UCS Central Software
• Cisco Multilayer Director, Nexus 7181 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability
• Cisco Prime Service Catalog SQL Injection Vulnerability
• Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability
• Cisco NX-OS System Software Patch Installation Command Injection Vulnerability
• Cisco NX-OS System Software CLI Command Injection Vulnerability
• Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability
• Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability
• Cisco NX-OS System Software CLI Command Injection Vulnerability
• Cisco NX-OS System Software CLI Command Injection Vulnerability
• Cisco NX-OS System Software Image Signature Bypass Vulnerability
• Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability

CVE References: CVE-2017-12367,CVE-2017-12368,CVE-2017-12367,CVE-2017-12368,CVE-2017-12369,CVE-2017-12370,CVE-2017-12371,CVE-2017-12372,CVE-2017-12367,CVE-2017-12368,CVE-2017-12369,CVE-2017-12370,CVE-2017-12371,CVE-2017-12372,CVE-2017-12343,CVE-2017-12344,CVE-2017-12343,CVE-2017-12344,CVE-2017-12345,CVE-2017-12346,CVE-2017-12347,CVE-2017-12343,CVE-2017-12344,CVE-2017-12345,CVE-2017-12346,CVE-2017-12347,CVE-2017-12359,CVE-2017-12366,CVE-2017-12297,CVE-2017-12365,CVE-2017-12363,CVE-2017-12360,CVE-2017-12348,CVE-2017-12349,CVE-2017-12340,CVE-2017-12364,CVE-2017-12342,CVE-2017-12341,CVE-2017-12339,CVE-2017-12338,CVE-2017-12336,CVE-2017-12335,CVE-2017-12334,CVE-2017-12333,CVE-2017-12351

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-switch
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-prime
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos7
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos6
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos2
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10