Number: AV16-107
Date: 30 June 2016
Purpose
The purpose of this advisory is to bring attention to multiple Cisco security advisories.
Assessment
Cisco released multiple security updates to address multiple vulnerabilities:
- Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability
- Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
- Cisco Firepower System Software Static Credential Vulnerability
- Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
CVE References: CVE-2016-1289, CVE-2016-1394, CVE-2016-1408, CVE-2016-1416
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass