Number: AV16-131
Date: 19 August 2016
Purpose
The purpose of this advisory is to bring attention to multiple Cisco security advisories.
Assessment
Cisco has released multiple security advisories addressing vulnerabilities affecting several of their products. The severity of these vulnerabilities range from medium to critical.
Critical
Cisco Firepower Management Center Remote Command Execution Vulnerability (cisco-sa-20160817-fmc)
Cisco Firepower Management Center Privilege Escalation Vulnerability (cisco-sa-20160817-firepower)
High
Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability (cisco-sa-20160817-apic)
Medium
Cisco WebEx Meetings Server Information Disclosure Vulnerability (cisco-sa-20160817-wms1)
Cisco Unified Communications Manager Information Disclosure Vulnerability (cisco-sa-20160817-ucm)
Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability (cisco-sa-20160817-sch)
Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability (cisco-sa-20160817-ise)
Cisco IP Phone 8800 Series Denial of Service Vulnerability (cisco-sa-20160817-ipp)
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (cisco-sa-20160817-firepowermc)
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability (cisco-sa-20160817-aap1)
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability (cisco-sa-20160817-aap)
CVE References: CVE-2016-1457, CVE-2016-1458, CVE-2016-1365, CVE-2016-1479, CVE-2016-1484, CVE-2016-1485, CVE-2016-6359, CVE-2016-6361, CVE-2016-6362, CVE-2016-6363, CVE-2016-6364, CVE-2016-6365
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-wms1
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-sch
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap