Mise à jour de sécurité pour les produits Cisco

Numéro : AV17-072
Date : Le 20 mai 2017

Objet

Le présent avis a pour objet d'attirer l'attention sur de multiple avis de sécurité publiés par Cisco.

Évaluation

Cisco a publié de multiples correctifs de sécurité afin d'adresser des vulnérabilités (critique à moyen) dans les produits suivants.

• Cisco Identity Services Engine GUI Denial of Service Vulnerability
• Cisco Industrial Ethernet 1000 Series Switches Device Manager Cross-Site Request Forgery Vulnerability
• Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
• Cisco Policy Suite Privilege Escalation Vulnerability
• Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
• Cisco TelePresence IX5000 Series Directory Traversal Vulnerability
• Cisco FirePOWER System Software SSL Logging Denial of Service Vulnerability
• Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities
• Cisco Nexus 5000 Series Switches CLI Command Injection Vulnerability
• Cisco Nexus 5000 Series Switches Telnet CLI Command Injection Vulnerability
• Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
• Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability
• Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
• Cisco Remote Expert Manager Denial of Service Vulnerability
• Cisco Remote Expert Manager Information Disclosure Vulnerability
• Cisco Remote Expert Manager Virtual Directory Information Disclosure Vulnerability
• Cisco Remote Expert Manager Information Disclosure Vulnerability
• Cisco Remote Expert Manager Virtual Temporary Directory Information Disclosure Vulnerability
• Cisco Remote Expert Manager Order Information Disclosure Vulnerability
• Cisco Remote Expert Manager Temporary File Information Disclosure Vulnerability
• Cisco IP Phone 8851 Session Initiation Protocol Denial of Service Vulnerability
• Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
• Cisco UCS C-Series Rack Servers TCP Port Denial of Service Vulnerability

Références CVE :
CVE Impact Critique : CVE-2017-6622
CVE Impact haute : CVE-2017-6623, CVE-2017-6621, CVE-2017-6652
CVE Impact Moyen : CVE-2017-6634, CVE-2017-6632, CVE-2017-6653, CVE-2017-6657, CVE-2017-6658, CVE-2017-6649, CVE-2017-6650, CVE-2017-6635, CVE-2017-6636, CVE-2017-6637, CVE-2017-6641, CVE-2017-6642, CVE-2017-6643, CVE-2017-6644, CVE-2017-6645, CVE-2017-6646, CVE-2017-6647, CVE-2017-6630, CVE-2017-6654, CVE-2017-6633

Mesures Recommandées

Le CCRIC recommande que les administrateurs de système mettent à l'essai et déploient les mises à jour diffusées par le fournisseur aux applications concernées.

Références :

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517- (en anglais)telepresence-ix5000
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ie1000csrf (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170515-snort (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp3 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp5 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem2 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem3 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem5 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7 (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm (en anglais)
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc (en Anglais)