Number: AV17-172
Date: November 15, 2017
Purpose
The purpose of this advisory is to bring attention to multiple security advisories published by Cisco.
Assessment
Cisco has released security updates to address vulnerabilities in the following products.
- Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- Cisco Web Security Appliance Advanced Malware Protection File Bypass Vulnerability
- Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability
- Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability
- Cisco Unified Communications Manager SQL Injection Vulnerability
- Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability
- Cisco RF Gateway 1 TCP Connection Denial of Service Vulnerability
- Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities
- Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability
- Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell
- Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability
- Cisco Immunet Antimalware Installer DLL Preloading Vulnerability
- Cisco HyperFlex System Authenticated Information Disclosure Vulnerability
- Cisco Firepower System Software Server Message Block Version 2 File Policy Bypass Vulnerability
- Cisco ASA Next-Generation Firewall Services Local Management Filtering Bypass Vulnerability
- Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability
- Cisco Email Security Appliance HTTP Response Splitting Vulnerability
- Cisco Network Academy Packet Tracer DLL Preload Vulnerability
- Cisco Meeting Server H.264 Decoding Denial of Service Vulnerability
CVE References: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, CVE-2017-12303, CVE-2017-12337, CVE-2017-12350, CVE-2017-12302, CVE-2017-12306, CVE-2017-12318, CVE-2017-12290, CVE-2017-12290, CVE-2017-12291, CVE-2017-12292, CVE-2017-12320, CVE-2017-12321, CVE-2017-12322, CVE-2017-12323, CVE-2017-12316, CVE-2017-12305, CVE-2017-12304, CVE-2017-12312, CVE-2017-12315, CVE-2017-12300, CVE-2017-12299, CVE-2017-12314, CVE-2017-12309, CVE-2017-12313, CVE-2017-12311
Recommended Actions
CCIRC recommends that system administrators test and deploy the vendor-released updates to the affected applications.
References:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ucm
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-rf-gateway-1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-iami
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-findit
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa