Cisco security updates

Number: AV18-014
Date: 17 January 2018

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities in the following products.

  • Cisco NX-OS Software Pong Packet Denial of Service Vulnerability
  • Cisco AnyConnect Profile Editor XML External Entity Injection Vulnerability
  • Cisco D9800 Network Transport Receiver OS Command Injection Vulnerability
  • Cisco Elastic Services Controller Information Disclosure Vulnerability
  • Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability
  • Cisco Identity Services Engine DOM Cross-Site Scripting Vulnerability
  • Cisco IOS Software for Industrial Ethernet 4010 Series Switches Test Command Arbitrary Code Execution and Denial of Service Vulnerability
  • Cisco NX-OS System Software Management Interface Denial of Service Vulnerability
  • Cisco NX-OS System Software Unauthorized User Account Deletion Vulnerability
  • Cisco Policy Suite Unauthenticated Information Disclosure Vulnerability
  • Cisco Prime Infrastructure Open Redirect Vulnerability
  • Cisco Prime Infrastructure Privilege Escalation Vulnerability
  • Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability
  • Cisco Small Business 300 and 500 Series Managed Switches Cross-Site Scripting Vulnerability
  • Cisco Small Business 300 and 500 Series Managed Switches HTTP Response Splitting Vulnerability
  • Cisco StarOS CLI Command Injection Vulnerability
  • Cisco UCS Central Software IPv6 Denial of Service Vulnerability
  • Cisco Unified Communications Manager Information Disclosure Vulnerability
  • Cisco Unified Customer Voice Portal Denial of Service Vulnerability
  • Cisco WAP150 Wireless Cross-Site Scripting Vulnerability
  • Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability
  • Cisco WebEx Meetings Server Information Disclosure Vulnerability
  • Cisco WebEx Meetings Server Remote Account Disabling Vulnerability

CVE References: CVE-2017-12307, CVE-2017-12308, CVE-2018-0086, CVE-2018-0088, CVE-2018-0089, CVE-2018-0090, CVE-2018-0091, CVE-2018-0092, CVE-2018-0093, CVE-2018-0094, CVE-2018-0095, CVE-2018-0096, CVE-2018-0097, CVE-2018-0098, CVE-2018-0099, CVE-2018-0100, CVE-2018-0102, CVE-2018-0105, CVE-2018-0106, CVE-2018-0107, CVE-2018-0108, CVE-2018-0109, CVE-2018-0110, CVE-2018-0111, CVE-2018-0115

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
