Numéro : AV17-127
Date : Le 16 août 2017
Objet
Le présent avis a pour objet d'attirer l'attention sur de multiple avis de sécurité publiés par Cisco.
Évaluation
Cisco a publié des mises à jour de sécurité afin d'adresser des vulnérabilités dans les produits suivants.
- Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability
- Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability
- Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability
- Cisco TelePresence Video Communication Server Denial of Service Vulnerability
- Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability
- Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability
- Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
- Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
- Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
- Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability
- Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability
- Cisco Elastic Services Controller Cross-Site Scripting Vulnerability
- Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability
- Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability
- Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability
- Cisco Policy Suite Privilege Escalation Vulnerability
- Cisco Prime Infrastructure HTML Injection Vulnerability
- Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability
Références CVE :
CVE-2017-6710, CVE-2017-6767, CVE-2017-6768, CVE-2017-6772, CVE-2017-6773, CVE-2017-6774,
CVE-2017-6775, CVE-2017-6776, CVE-2017-6777, CVE-2017-6778, CVE-2017-6781, CVE-2017-6783,
CVE-2017-6782, CVE-2017-6784, CVE-2017-6785, CVE-2017-6786, CVE-2017-6788, CVE-2017-6790
Mesure suggérée
Le CCRIC recommande que les administrateurs de système mettent à l'essai et déploient les mises à jour diffusées par le fournisseur aux applications concernées.
Références
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw