Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Cisco security advisory

Number: AV18-040
Date: 8 March 2018

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities (medium to critical) in the following products.

  • Cisco Prime Collaboration Provisioning Hard Coded Password Vulnerability            
  • Cisco Secure Access Control System Java Deserialization Vulnerability       
  • Cisco Web Security Appliance FTP Authentication Bypass Vulnerability      
  • Cisco Videoscape AnyRes Live Cross Site Scripting Vulnerability    
  • Cisco UCS Director Cross Site Scripting Vulnerability         
  • Cisco StarOS CLI Command Injection Vulnerability            
  • Cisco Security Manager DesktopServlet Reflected Cross Site Scripting Vulnerability             
  • Cisco Registered Envelope Service Cross Site Scripting Vulnerability           
  • Cisco Prime Data Center Network Manager Cross Site Scripting Vulnerability         
  • Cisco Identity Services Engine Command Injection to Underlying Operating System Vulnerability 
  • Cisco Identity Services Engine Cross Site Request Forgery Vulnerability     
  • Cisco Identity Services Engine Local Command Injection Vulnerability        
  • Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability       
  • Cisco Identity Services Engine Cross Site Scripting Vulnerability    
  • Cisco Identity Services Engine Authenticated CLI Denial of Service Vulnerability     
  • Cisco Data Center Network Manager Cross Site Request Forgery Vulnerability       
  • Cisco Secure Access Control Server XML External Entity Injection Vulnerability       
  • Cisco 550X Series Stackable Managed Switches SNMP Denial of Service Vulnerability          

CVE References: CVE 2018 0087, CVE 2018 0141, CVE 2018 0144, CVE 2018 0147, CVE 2018 0207, CVE 2018 0208, CVE 2018 0209, CVE 2018 0210, CVE 2018 0211, CVE 2018 0212, CVE 2018 0213, CVE 2018 0214, CVE 2018 0215, CVE 2018 0216, CVE 2018 0217, CVE 2018 0218, CVE 2018 0219, CVE 2018 0220, CVE 2018 0221, CVE 2018 0223, CVE 2018 0224  

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

Date modified: