Security Updates for Cisco Products

Number: AV17-162
Date: November 1, 2017

Purpose

The purpose of this advisory is to draw attention to multiple security advisories published by Cisco.

Assessment

Cisco has published security updates to address vulnerabilities in the following products.

  • Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
  • Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
  • Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
  • Cisco Identity Services Engine Privilege Escalation Vulnerability
  • Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
  • Cisco Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability
  • Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability
  • Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability
  • Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability
  • Cisco Wireless LAN Controller Access Network Query Protocol Denial of Service Vulnerability
  • Cisco Wireless LAN Controller CAPWAP Discovery Request Denial of Service Vulnerability
  • Cisco WebEx Meetings Server Information Disclosure Vulnerability
  • Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability
  • Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability
  • Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability
  • Cisco Aironet 3800 Series Access Points Protected Management Frames User Denial of Service Vulnerability
  • Cisco Aironet 1800, 2800, and 3800 Series Access Points MAC Authentication Bypass Vulnerability
  • Cisco Expressway Series, Cisco TelePresence Video Communication Server, and Cisco TelePresence Conductor REST API Denial of Service Vulnerability
  • Cisco Smart Install Protocol Misuse
  • Cisco Integrated Management Controller Remote Code Execution Vulnerability
  • Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
  • Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
  • Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
  • Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability
  • Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability
  • Cisco AMP for Endpoints Static Key Vulnerability
  • Cisco Nexus Series Switches CLI Command Injection Vulnerability

CVE References:
CVE-2017-3883, CVE-2017-12275, CVE-2017-12278, CVE-2017-12261, CVE-2017-12277, CVE-2017-12276, CVE-2017-12262, CVE-2017-12274, CVE-2017-12273, CVE-2017-12282, CVE-2017-12280, CVE-2017-12295, CVE-2017-12294, CVE-2017-12279, CVE-2017-12243, CVE-2017-12283, CVE-2017-12281, CVE-2017-12287, CVE-2017-6616, CVE-2017-13077, CVE-2017-13078, CVE-2017-9793, CVE-2017-9804, CVE-2017-12611, CVE-2015-0718, CVE-2017-12310, CVE-2017-12317, CVE-2017-6649.

Recommended Actions

CCRIC recommends that system administrators test and deploy the vendor-released updates to the affected applications.

References (in English):
