Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Cisco Releases security updates

Number: AV17-061
Date: 04 May 2017

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities in the following products.

  • Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability
  • Cisco IOS XR Software Denial of Service Vulnerability
  • Cisco TelePresence ICMP Denial of Service Vulnerability
  • Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability
  • Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service VulnerabilityCisco Wide Area Application Services
  • Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability
  • Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability
  • Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability
  • Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability
  • Cisco CallManager Express Unauthorized Access Vulnerability

CVE References:

Critical: CVE-2017-3882. 

High: CVE-2017-3825, CVE-2017-3873, CVE-2017-3876.

Medium:  CVE-2017-6620, CVE-2017-6624, CVE-2017-6625, CVE-2017-6626, CVE-2017-6628, CVE-2017-6629.   

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

Date modified: