Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Cisco security advisory

Number: AV18-032
Date: 22 February 2018

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities in the following products.

  • Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability
  • Cisco Elastic Services Controller Service Portal Authentication Bypass Vulnerability
  • Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability
  • Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability
  • Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability
  • Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability
  • Cisco Prime Service Catalog Cross-Site Scripting Vulnerability
  • Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability
  • Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability
  • Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability
  • Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability
  • Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability
  • Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability
  • Cisco Unity Connection Mail Relay Vulnerability

CVE References: CVE-2018-0121, CVE-2018-0124, CVE-2018-0130, CVE-2018-0139, CVE-2018-0145, CVE-2018-0146, CVE-2018-0148, CVE-2018-0199, CVE-2018-0200, CVE-2018-0201, CVE-2018-0203, CVE-2018-0204, CVE-2018-0205, CVE-2018-0206

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucsd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-psc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-pcpt
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-pcpt1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cvp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc

Date modified: