Number: AV17-061
Date: 04 May 2017
Purpose
The purpose of this advisory is to bring attention to multiple Cisco security advisories.
Assessment
Cisco released multiple security updates to address vulnerabilities in the following products.
- Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability
- Cisco IOS XR Software Denial of Service Vulnerability
- Cisco TelePresence ICMP Denial of Service Vulnerability
- Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability
- Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service VulnerabilityCisco Wide Area Application Services
- Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability
- Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability
- Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability
- Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability
- Cisco CallManager Express Unauthorized Access Vulnerability
CVE References:
Critical: CVE-2017-3882.
High: CVE-2017-3825, CVE-2017-3873, CVE-2017-3876.
Medium: CVE-2017-6620, CVE-2017-6624, CVE-2017-6625, CVE-2017-6626, CVE-2017-6628, CVE-2017-6629.
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ios-xr
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cucc
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1