Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Cisco security updates

Number: AV17-157
Date: 18 October 2017

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities (medium to critical) in the following products.

  • Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II,
  • Cisco IOS XE Software Web Framework Cross-Site Scripting Vulnerability
  • Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability
  • Cisco Expressway Series and Cisco TelePresence Video Communication Server REST API Denial of     Service Vulnerability
  • Cisco Jabber for Windows Client Information Disclosure Vulnerability
  • Cisco Jabber Information Disclosure Vulnerability
  • Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability,
  • Cisco NX-OS Software Python Parser Escape Vulnerability
  • Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability,
  • Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability,
  • Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability
  • Cisco WebEx Meetings Server Denial of Service Vulnerability
  • Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
  • Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of   Service Vulnerability
  • Cisco Small Business SPA51x Series IP Phones SIP Denial of Service Vulnerability
  • Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability,
  • Cisco Cloud Services Platform 2100 Unauthorized Access Vulnerability.

CVE References:  CVE-2017-13077, CVE-2017-13078,  CVE-2017-13079, CVE-2017-12272, CVE-2017-12289, CVE-2017-12287, CVE-2017-12284, CVE-2017-12286, CVE-2017-12285, CVE-2017-12301, CVE-2017-12271,  CVE-2017-12288, CVE-2017-12298, CVE-2017-12293, CVE-2017-12296, CVE-2017-3883, CVE-2017-12259, CVE-2017-12260, CVE-2017-12251 

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-spa
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ucce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs

Date modified: