Number: AV16-007
Date: 13 January 2016
Purpose
The purpose of this advisory is to bring attention to multiple Cisco security advisories.
Assessment
Cisco released security updates to address multiple vulnerabilities (2 Critical, 2 High) affecting the following products:
***Critical***
- Cisco 2500 Series Wireless Controllers
- Cisco 5500 Series Wireless Controllers
- Cisco 8500 Series Wireless Controllers
- Cisco Flex 750 Series Wireless Controllers
- Cisco Virtual Wireless Controllers
- Cisco Application Deployment Engine OS Release 2.2
- ADE-OS Build Version 2.2.0.162
- ADE-OS System Architecture: x86_64
***High***
- Cisco Aironet 1830e Series Access Point
- Cisco Aironet 1830i Series Access Point
- Cisco Aironet 1850e Series Access PointCisco Aironet 1850i Series Access Point
CVE References: CVE-2015-6314, CVE-2015-6323
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
Cisco Advisories:
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-aironet