Number: AV17-127
Date: 16 August 2017
Purpose
The purpose of this advisory is to bring attention to multiple Cisco security advisories.
Assessment
Cisco released multiple security updates to address the following vulnerabilities in its products:
- Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability
- Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability
- Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability
- Cisco TelePresence Video Communication Server Denial of Service Vulnerability
- Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability
- Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability
- Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
- Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
- Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
- Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability
- Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability
- Cisco Elastic Services Controller Cross-Site Scripting Vulnerability
- Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability
- Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability
- Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability
- Cisco Policy Suite Privilege Escalation Vulnerability
- Cisco Prime Infrastructure HTML Injection Vulnerability
- Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability
CVE References:
CVE-2017-6710, CVE-2017-6767, CVE-2017-6768, CVE-2017-6772, CVE-2017-6773, CVE-2017-6774,
CVE-2017-6775, CVE-2017-6776, CVE-2017-6777, CVE-2017-6778, CVE-2017-6781, CVE-2017-6783,
CVE-2017-6782, CVE-2017-6784, CVE-2017-6785, CVE-2017-6786, CVE-2017-6788, CVE-2017-6790
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw