Cisco security updates

Number: AV17-172
Date: 15 November 2017

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address vulnerabilities (rated medium to critical in severity) in the following products.

  • Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
  • Cisco Web Security Appliance Advanced Malware Protection File Bypass Vulnerability
  • Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability
  • Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability
  • Cisco Unified Communications Manager SQL Injection Vulnerability
  • Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability
  • Cisco RF Gateway 1 TCP Connection Denial of Service Vulnerability
  • Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities
  • Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability
  • Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell
  • Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability
  • Cisco Immunet Antimalware Installer DLL Preloading Vulnerability
  • Cisco HyperFlex System Authenticated Information Disclosure Vulnerability
  • Cisco Firepower System Software Server Message Block Version 2 File Policy Bypass Vulnerability
  • Cisco ASA Next-Generation Firewall Services Local Management Filtering Bypass Vulnerability
  • Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability
  • Cisco Email Security Appliance HTTP Response Splitting Vulnerability
  • Cisco Network Academy Packet Tracer DLL Preload Vulnerability
  • Cisco Meeting Server H.264 Decoding Denial of Service Vulnerability

CVE References: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, CVE-2017-12303, CVE-2017-12337, CVE-2017-12350, CVE-2017-12302, CVE-2017-12306, CVE-2017-12318, CVE-2017-12290, CVE-2017-12291, CVE-2017-12292, CVE-2017-12320, CVE-2017-12321, CVE-2017-12322, CVE-2017-12323, CVE-2017-12316, CVE-2017-12305, CVE-2017-12304, CVE-2017-12312, CVE-2017-12315, CVE-2017-12300, CVE-2017-12299, CVE-2017-12314, CVE-2017-12309, CVE-2017-12313, CVE-2017-12311

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
