Numéro : AV17-157
Date : Le 18 octobre 2017
Objet
Le présent avis a pour objet d'attirer l'attention sur de multiple avis de sécurité publiés par Cisco.
Évaluation
Cisco a publié des mises à jour de sécurité afin d'adresser des vulnérabilités dans les produits suivants.
- Multiple Vulnerabilities in Wi-Fi Protected Access et Wi-Fi Protected Access II,
- Cisco IOS XE Software Web Framework Cross-Site Scripting Vulnerability
- Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability
- Cisco Expressway Series and Cisco TelePresence Video Communication Server REST API Denial of Service Vulnerability
- Cisco Jabber for Windows Client Information Disclosure Vulnerability
- Cisco Jabber Information Disclosure Vulnerability
- Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability,
- Cisco NX-OS Software Python Parser Escape Vulnerability
- Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability,
- Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability,
- Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability
- Cisco WebEx Meetings Server Denial of Service Vulnerability
- Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
- Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
- Cisco Small Business SPA51x Series IP Phones SIP Denial of Service Vulnerability
- Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability,
- Cisco Cloud Services Platform 2100 Unauthorized Access Vulnerability
Références CVE : CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-12272, CVE-2017-12289, CVE-2017-12287, CVE-2017-12284, CVE-2017-12286, CVE-2017-12285, CVE-2017-12301, CVE-2017-12271, CVE-2017-12288, CVE-2017-12298, CVE-2017-12293, CVE-2017-12296, CVE-2017-3883, CVE-2017-12259, CVE-2017-12260, CVE-2017-12251
Mesure suggérée
Le CCRIC recommande que les administrateurs de système mettent à l'essai et déploient les mises à jour diffusées par le fournisseur aux applications concernées.
Références (seulement en anglais)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-spa
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ucce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs