Cisco Releases security updates

Number: AV17-017
Date: 01 February 2017

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities (critical to medium) in the following products.

Critical:

Cisco Prime Home Authentication Bypass Vulnerability

Medium:

Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability
Cisco Prime Service Catalog URL Redirect Attack Vulnerability
Cisco Firepower Device Manager Arbitrary Audit Log Entry Vulnerability
Cisco Firepower URL Bypass Vulnerability
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability
Cisco Firepower Management Center Incomplete Rule Set Vulnerability
Cisco Email Security Appliance Malformed MIME Header Filtering Bypass Vulnerability
Cisco cBR Series Converged Broadband Routers List Headers Denial of Service Vulnerability
Cisco ASR 1000 Series Aggregation Services Routers SNMP High CPU Denial of Service Vulnerability

CVE References:
Critical Impact CVE: CVE-2017-3791

Medium Impact CVE: CVE-2017-3806, CVE-2017-3809, CVE-2017-3810, CVE-2017-3812, CVE-2017-3814, CVE-2017-3818, CVE-2017-3820, CVE-2017-3822, CVE-2017-3824

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

Language selection

Search

Purpose

Assessment

Suggested Action

References

Note to readers

Cisco Releases security updates

Purpose

Assessment

Suggested Action

References