Multiple Cisco Security Advisories

Number: AV16-131
Date: 19 August 2016

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco has released multiple security advisories addressing vulnerabilities affecting several of its products. The severity of these vulnerabilities ranges from medium to critical.

Critical
Cisco Firepower Management Center Remote Command Execution Vulnerability (cisco-sa-20160817-fmc)
Cisco Firepower Management Center Privilege Escalation Vulnerability (cisco-sa-20160817-firepower)

High
Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability (cisco-sa-20160817-apic)

Medium
Cisco WebEx Meetings Server Information Disclosure Vulnerability (cisco-sa-20160817-wms1)
Cisco Unified Communications Manager Information Disclosure Vulnerability (cisco-sa-20160817-ucm)
Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability (cisco-sa-20160817-sch)
Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability (cisco-sa-20160817-ise)
Cisco IP Phone 8800 Series Denial of Service Vulnerability (cisco-sa-20160817-ipp)
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (cisco-sa-20160817-firepowermc)
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability (cisco-sa-20160817-aap1)
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability (cisco-sa-20160817-aap)

CVE References: CVE-2016-1457, CVE-2016-1458, CVE-2016-1365, CVE-2016-1479, CVE-2016-1484, CVE-2016-1485, CVE-2016-6359, CVE-2016-6361, CVE-2016-6362, CVE-2016-6363, CVE-2016-6364, CVE-2016-6365

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-wms1
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-sch
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap
