Mise à jour de sécurité pour les produits Cisco

Numéro : AV16-208
Date : Le 24 décembre2016

Objet

Le présent avis a pour objet d'attirer l'attention sur de multiple avis de Sécurité publiés par Cisco.

Évaluation

Cisco a publié de multiples correctifs de sécurité afin d'adresser des vulnérabilités (critique à moyen) dans les produits suivants.

• Cisco IOS XE Software Directory Traversal Vulnerability
• Cisco ASA Input Validation File Injection Vulnerability
• Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability
• Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability
• Cisco Firepower System Software FTP Malware Vulnerability
• Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
• Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 
• Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
• Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability
• Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability
• Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability
• Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability
• Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability
• Cisco Emergency Responder Cross-Site Request Forgery Vulnerability
• Cisco Emergency Responder Directory Traversal Vulnerability
• Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability
• Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability
• Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability
• Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability
• Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability
• Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability
• Cisco FirePOWER Malware Protection Bypass Vulnerability
• Cisco Hybrid Media Service Privilege Escalation Vulnerability
• Cisco Intercloud Fabric Director Static Credentials Vulnerability
• Cisco IOS Frame Forwarding Denial of Service Vulnerability
• Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability
• Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability
• Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability
• Cisco IOS XR Software Default Credentials Vulnerability
• Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability
• Cisco Identity Services Engine Cross-Site Scripting Vulnerability
• Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
• Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability
• Cisco Firepower Management Center Information Disclosure Vulnerability
• Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability
• Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability
• Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
• Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
• Cisco Email Security Appliance Content Filter Bypass Vulnerability
• Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
• Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
• Cisco Expressway Series Software Security Bypass Vulnerability
• Cisco Intercloud Fabric Database Static Credentials Vulnerability
• Cisco Jabber Guest Server HTTP URL Redirection Vulnerability
• Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability

Références CVE :
CVE Impact Critique : CVE-2016-9223      
CVE Impact Plus haut: CVE-2015-0642, CVE-2015-0643, CVE-2015-6278, CVE-2015-6279   
CVE Impact Moyen : CVE-2016-6450, CVE-2016-6461, CVE-2016-6466, CVE-2016-6462, CVE-2016-6463, CVE-2016-6460, CVE-2016-6472, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, CVE-2016-9192, CVE-2016-6467, CVE-2016-9203, CVE-2016-1411, CVE-2016-9199, CVE-2016-6468, CVE-2016-9208, CVE-2016-9211, CVE-2016-9206, CVE-2016-9210, CVE-2016-9202, CVE-2016-6449, CVE-2016-9193, CVE-2016-9209, CVE-2016-6470, CVE-2016-9204, CVE-2016-6473, CVE-2016-6474, CVE-2016-9205, CVE-2016-9201, CVE-2016-9215, CVE-2016-9198, CVE-2016-9214, CVE-2016-9200, CVE-2016-6464, CVE-2016-6471, CVE-2016-6469, CVE-2016-9212, CVE-2016-5195, CVE-2016-6465, CVE-2015-8138, CVE-2016-7426, CVE-2016-7427, CVE-2016-9207, CVE-2016-9217, CVE-2016-9224

Mesure suggérée

Le CCRIC recommande que les administrateurs de système mettent à l'essai et déploient les mises à jour diffusées par le fournisseur aux applications concernées.

Références

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe  (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2 (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber (en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco (en anglais)