Numéro : AV18-067
Date : Le 19 avril 2018
Objet
L'objectif de cet avis est d'attirer l'attention sur des avis de sécurité publié par Cisco.
Évaluation
Cisco a publié des avis de sécurité pour corriger les vulnérabilités dans plusieurs produits.
Produits visés:
- Cisco WebEx Clients Remote Code Execution VulnerabilityCisco UCS Director Virtual Machine Information Disclosure Vulnerability for End User Portal
- Cisco StarOS Interface Forwarding Denial of Service Vulnerability
- Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability
- Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability
- Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service Vulnerability
- Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability
- Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities
- Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability
- Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability
- Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability
- Cisco WebEx Connect IM Cross-Site Scripting Vulnerability
- Cisco Unified Communications Manager LDAP Information Disclosure Vulnerability
- Cisco Unified Communications Manager HTTP Interface Information Disclosure Vulnerability
- Cisco StarOS IPsec Manager Denial of Service Vulnerability
- Cisco Packet Data Network Gateway Peer-to-Peer Message Processing Denial of Service Vulnerability
- Cisco Identity Services Engine Shell Access Vulnerability
- Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability
- Cisco Firepower System Software Intelligent Application Bypass Vulnerability
- Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability
- Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability
- Cisco Firepower Threat Defense SSL Engine High CPU Denial of Service Vulnerability
- Cisco DNA Center Cross Origin Resource Sharing Vulnerability
- Cisco cBR Series Converged Broadband Routers High CPU Usage Denial of Service Vulnerability
- Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability
- Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability
- Cisco AMP for Endpoints macOS Connector DMG File Malware Bypass Vulnerability
- Cisco MATE Live Directory Information Disclosure Vulnerability
- Cisco MATE Collector Cross-Site Request Forgery Vulnerability
- Cisco Wireless LAN Controller Default Simple Network Management Protocol Community Strings
Référence CVE: CVE-2018-0112, CVE-2018-0238, CVE-2018-0239, CVE-2018-0241 , CVE-2018-0233, CVE-2018-0230, CVE-2018-0229, CVE-2018-0240, CVE-2018-0231, CVE-2018-0228, CVE-2018-0227, CVE-2018-0276, CVE-2018-0267, CVE-2018-0267, CVE-2018-0266, CVE-2018-0273, CVE-2018-0256, CVE-2018-0275, CVE-2018-0255, CVE-2018-0254, CVE-2018-0244, CVE-2018-0243, CVE-2018-0272, CVE-2018-0269, CVE-2018-0257, CVE-2018-0251, CVE-2018-0242, CVE-2018-0237, CVE-2018-0260, CVE-2018-0259
Mesures Recommandées
Le CCRIC recommande que les administrateurs de système mettent à l'essai et déploient les mises à jour diffusées par le fournisseur aux applications concernées.
Références : (en anglais)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-webcon
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wlc