Numéro : AV18-084
Date : Le 17 mai 2018
Objet
L'objectif de cet avis est d'attirer l'attention sur des avis de sécurité publié par Cisco.
Évaluation
Cisco a publié des avis de sécurité pour corriger les vulnérabilités dans plusieurs produits.
Produits visés:
- Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability
- Cisco Digital Network Architecture Center Authentication Bypass Vulnerability
- Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
- Cisco Enterprise NFV Infrastructure Software Web Management Interface Path Traversal Vulnerability
- Cisco IP Phone 7800 Series and 8800 Series Denial of Service Vulnerability
- Cisco Firepower Threat Defense Software Policy Bypass Vulnerability
- Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability
- Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability
- Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability
- Cisco Digital Network Architecture Center Unauthorized Access Vulnerability
- Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability
- Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability
- Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability
- Cisco SocialMiner Notification System Denial of Service Vulnerability
- Cisco TelePresence Server Cross-Frame Scripting Vulnerability
- Cisco Meeting Server Media Services Denial of Service Vulnerability
- CPU Side-Channel Information Disclosure Vulnerabilities
Référence CVE: CVE-2018-0222, CVE-2018-0268, CVE-2018-0270, CVE-2018-0271, CVE-2018-0277, CVE-2018-0279, CVE-2018-0289, CVE-2018-0290, CVE-2018-0297, CVE-2018-0323, CVE-2018-0324, CVE-2018-0325, CVE-2018-0327, CVE-2018-0328, CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Mesures Recommandées
Le CCRIC recommande que les administrateurs de système mettent à l'essai et déploient les mises à jour diffusées par le fournisseur aux applications concernées.
Références :
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-cli-command-injection
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-firepwr-pb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-iseeap
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-fnd
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-iseeap
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-firepwr-pb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-telepres-xfs
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechanne