Sélection de la langue

Mises à jour de sécurité pour Cisco

Numéro : AV18-067
Date : Le 19 avril 2018

Objet

L'objectif de cet avis est d'attirer l'attention sur des avis de sécurité publié par Cisco.

Évaluation

Cisco a publié des avis de sécurité pour corriger les vulnérabilités dans plusieurs produits.

Produits visés:

  • Cisco WebEx Clients Remote Code Execution VulnerabilityCisco UCS Director Virtual Machine Information Disclosure Vulnerability for End User Portal
  • Cisco StarOS Interface Forwarding Denial of Service Vulnerability
  • Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability
  • Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability
  • Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service Vulnerability
  • Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability
  • Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities
  • Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability
  • Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability
  • Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability
  • Cisco WebEx Connect IM Cross-Site Scripting Vulnerability
  • Cisco Unified Communications Manager LDAP Information Disclosure Vulnerability
  • Cisco Unified Communications Manager HTTP Interface Information Disclosure Vulnerability
  • Cisco StarOS IPsec Manager Denial of Service Vulnerability
  • Cisco Packet Data Network Gateway Peer-to-Peer Message Processing Denial of Service Vulnerability
  • Cisco Identity Services Engine Shell Access Vulnerability
  • Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability
  • Cisco Firepower System Software Intelligent Application Bypass Vulnerability
  • Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability
  • Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability
  • Cisco Firepower Threat Defense SSL Engine High CPU Denial of Service Vulnerability
  • Cisco DNA Center Cross Origin Resource Sharing Vulnerability
  • Cisco cBR Series Converged Broadband Routers High CPU Usage Denial of Service Vulnerability
  • Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability
  • Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability
  • Cisco AMP for Endpoints macOS Connector DMG File Malware Bypass Vulnerability
  • Cisco MATE Live Directory Information Disclosure Vulnerability
  • Cisco MATE Collector Cross-Site Request Forgery Vulnerability
  • Cisco Wireless LAN Controller Default Simple Network Management Protocol Community Strings

Référence CVE:  CVE-2018-0112, CVE-2018-0238, CVE-2018-0239, CVE-2018-0241 , CVE-2018-0233, CVE-2018-0230, CVE-2018-0229, CVE-2018-0240, CVE-2018-0231, CVE-2018-0228, CVE-2018-0227, CVE-2018-0276, CVE-2018-0267, CVE-2018-0267, CVE-2018-0266, CVE-2018-0273, CVE-2018-0256, CVE-2018-0275, CVE-2018-0255, CVE-2018-0254, CVE-2018-0244, CVE-2018-0243, CVE-2018-0272, CVE-2018-0269, CVE-2018-0257, CVE-2018-0251, CVE-2018-0242, CVE-2018-0237, CVE-2018-0260, CVE-2018-0259

Mesures Recommandées

Le CCRIC recommande que les administrateurs de système mettent à l'essai et déploient les mises à jour diffusées par le fournisseur aux applications concernées.

Références : (en anglais)

Date de modification :