Cisco Security Advisory https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Cisco Security Advisory Cisco Systems, Inc. 15 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20September%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 " border='0' height='0' width='0'></img>On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as &ldquo;Critical Severity,&rdquo; one as &ldquo;Moderate Severity,&rdquo; and the other 12 as &ldquo;Low Severity.&rdquo; <br /> <br /> Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as &ldquo;High Severity&rdquo; and the other as &ldquo;Moderate Severity.&rdquo; <br /> <br /> Of the 16 released vulnerabilities:<br /> <ul> <li>Fourteen track issues that could result in a denial of service (DoS) condition</li> <li>One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality</li> <li>One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system</li> </ul> <br /> Five of the 16 vulnerabilities exclusively affect the recently released OpenSSL versions that are part of the 1.1.0 release series, which has not yet been integrated into any Cisco product.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 " border='0' height='0' width='0'></img>On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as &ldquo;Critical Severity,&rdquo; one as &ldquo;Moderate Severity,&rdquo; and the other 12 as &ldquo;Low Severity.&rdquo; <br /> <br /> Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as &ldquo;High Severity&rdquo; and the other as &ldquo;Moderate Severity.&rdquo; <br /> <br /> Of the 16 released vulnerabilities:<br /> <ul> <li>Fourteen track issues that could result in a denial of service (DoS) condition</li> <li>One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality</li> <li>One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system</li> </ul> <br /> Five of the 16 vulnerabilities exclusively affect the recently released OpenSSL versions that are part of the 1.1.0 release series, which has not yet been integrated into any Cisco product.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6305,CVE-2016-6306,CVE-2016-6307,CVE-2016-6308,CVE-2016-6309,CVE-2016-7052 Mon, 24 Apr 2017 17:02:54 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl Cisco Unified Communications Manager Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco&nbsp;Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco&nbsp;Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3808 Fri, 21 Apr 2017 18:12:27 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm Cisco Integrated Management Controller Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to perform a persistent cross-site scripting (XSS) attack.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the affected software. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to perform a persistent cross-site scripting (XSS) attack.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the affected software. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6618 Fri, 21 Apr 2017 17:22:50 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1 Cisco ASA Software DNS Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASA%20Software%20DNS%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software DNS Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DNS code of Cisco&nbsp;ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache.<br /> <br /> The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco&nbsp;ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco&nbsp;ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software DNS Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DNS code of Cisco&nbsp;ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache.<br /> <br /> The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco&nbsp;ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco&nbsp;ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6607 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns Cisco Prime Network Registrar DNS Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Network%20Registrar%20DNS%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Network Registrar DNS Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system.<br /> <br /> The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Network Registrar DNS Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system.<br /> <br /> The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6613 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20Simple%20Network%20Management%20Protocol%20Subsystem%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Simple Network Management Protocol&nbsp;(SNMP) subsystem of Cisco&nbsp;IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Simple Network Management Protocol&nbsp;(SNMP) subsystem of Cisco&nbsp;IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6615 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Detection%20Engine%20Pragmatic%20General%20Multicast%20Protocol%20Decoding%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco&nbsp;Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.<br /> <br /> The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. <br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco&nbsp;Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.<br /> <br /> The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. <br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-6368 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort Cisco FindIT Network Probe Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FindIT%20Network%20Probe%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FindIT Network Probe Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the file-download feature of the web user interface for Cisco&nbsp;FindIT Network Probe Software could allow an authenticated, remote attacker to download and view any system file by using the affected software.<br /> <br /> The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FindIT Network Probe Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the file-download feature of the web user interface for Cisco&nbsp;FindIT Network Probe Software could allow an authenticated, remote attacker to download and view any system file by using the affected software.<br /> <br /> The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6614 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20EnergyWise%20Denial%20of%20Service%20Vulnerabilities&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Multiple vulnerabilities in the EnergyWise module of Cisco&nbsp;IOS and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.<br /> <br /> These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition.<br /> <br /> Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Multiple vulnerabilities in the EnergyWise module of Cisco&nbsp;IOS and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.<br /> <br /> These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition.<br /> <br /> Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3860,CVE-2017-3861,CVE-2017-3862,CVE-2017-3863 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Infrastructure%20Web%20Framework%20Code%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.<br /> <br /> Additional information about XSS attacks and potential mitigations can be found at:<br /> <a href="http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html">http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html</a><br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.<br /> <br /> Additional information about XSS attacks and potential mitigations can be found at:<br /> <a href="http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html">http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html</a><br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6611 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20Arbitrary%20Code%20Execution%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based GUI of Cisco&nbsp;Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code on an affected system.<br /> <br /> The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based GUI of Cisco&nbsp;Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code on an affected system.<br /> <br /> The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6616 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3 Cisco Integrated Management Controller User Session Hijacking Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20User%20Session%20Hijacking%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller User Session Hijacking Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the session identification management functionality of the web-based GUI of Cisco&nbsp;Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system.<br /> <br /> The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user&rsquo;s browser session on the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller User Session Hijacking Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the session identification management functionality of the web-based GUI of Cisco&nbsp;Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system.<br /> <br /> The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user&rsquo;s browser session on the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6617 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2 Cisco Integrated Management Controller Command Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20Command%20Execution%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller Command Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based GUI of Cisco&nbsp;Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system.<br /> <br /> The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with <em>root</em>-level privileges on the affected system, which the attacker could use to conduct further attacks.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller Command Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based GUI of Cisco&nbsp;Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system.<br /> <br /> The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with <em>root</em>-level privileges on the affected system, which the attacker could use to conduct further attacks.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6619 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASA%20Software%20Internet%20Key%20Exchange%20Version%201%20XAUTH%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco&nbsp;ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system.<br /> <br /> The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco&nbsp;ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system.<br /> <br /> The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6610 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth Cisco ASA Software SSL/TLS Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASA%20Software%20SSL/TLS%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software SSL/TLS Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco&nbsp;ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system.<br /> <br /> The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software SSL/TLS Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco&nbsp;ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system.<br /> <br /> The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6608 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASA%20Software%20and%20Cisco%20FTD%20Software%20TCP%20Normalizer%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3793 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm Cisco ASA Software IPsec Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASA%20Software%20IPsec%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software IPsec Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the IPsec code of Cisco&nbsp;ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system.<br /> <br /> The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Software IPsec Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the IPsec code of Cisco&nbsp;ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system.<br /> <br /> The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6609 Wed, 19 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Apache%20Struts2%20Jakarta%20Multipart%20Parser%20File%20Upload%20Code%20Execution%20Vulnerability%20Affecting%20Cisco%20Products&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products" border='0' height='0' width='0'></img><p>On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a<em> </em>crafted <span class="more"><em>Content-Type</em>, <em>Content-Disposition</em>, or <em>Content-Length</em> value.<br /> </span></p> This vulnerability has been assigned CVE-ID CVE-2017-5638.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products" border='0' height='0' width='0'></img><p>On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a<em> </em>crafted <span class="more"><em>Content-Type</em>, <em>Content-Disposition</em>, or <em>Content-Length</em> value.<br /> </span></p> This vulnerability has been assigned CVE-ID CVE-2017-5638.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-5638 Wed, 19 Apr 2017 15:44:34 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2 Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Industrial%20Ethernet%202000%20Series%20Switches%20CIP%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco&nbsp;Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service&nbsp;(DoS) condition due to a system memory leak.<br /> <br /> The vulnerability is due to improper handling of malformed CIP packets. An attacker could exploit this vulnerability by sending malformed CIP requests to a targeted device. A successful exploit could allow the attacker to cause a DoS condition on the targeted device due to low system memory.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco&nbsp;Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service&nbsp;(DoS) condition due to a system memory leak.<br /> <br /> The vulnerability is due to improper handling of malformed CIP packets. An attacker could exploit this vulnerability by sending malformed CIP requests to a targeted device. A successful exploit could allow the attacker to cause a DoS condition on the targeted device due to low system memory.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3812 Tue, 18 Apr 2017 19:43:17 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1 Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Optical%20for%20Service%20Providers%20RADIUS%20Secret%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device.<br /> <br /> The vulnerability occurs because sensitive information is not obscured in the generated configuration files. An attacker could exploit this vulnerability by authenticating to the application and using the network management interface to generate configuration files. An exploit could allow the attacker to reveal sensitive information in the device configuration.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device.<br /> <br /> The vulnerability occurs because sensitive information is not obscured in the generated configuration files. An attacker could exploit this vulnerability by authenticating to the application and using the network management interface to generate configuration files. An exploit could allow the attacker to reveal sensitive information in the device configuration.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3871 Tue, 18 Apr 2017 13:36:01 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20January%20and%20February%202017&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017" border='0' height='0' width='0'></img>On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl">Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016</a>. OpenSSL classifies all the new vulnerabilities as &ldquo;Moderate Severity.&rdquo;<br /> <br /> The first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL to crash when connecting to a malicious server. The third vulnerability affects only systems based on x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to access sensitive private key information.<br /> <br /> Multiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities. <br /> <br /> There are no Cisco products affected by the vulnerability identified by CVE ID CVE-2017-3730.<br /> <br /> On February 16, 2017, the OpenSSL Software Foundation released another security advisory that included one high severity vulnerability identified by CVE ID CVE-2017-3733. <br /> <br /> There are no Cisco products affected by this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017" border='0' height='0' width='0'></img>On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl">Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016</a>. OpenSSL classifies all the new vulnerabilities as &ldquo;Moderate Severity.&rdquo;<br /> <br /> The first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL to crash when connecting to a malicious server. The third vulnerability affects only systems based on x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to access sensitive private key information.<br /> <br /> Multiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities. <br /> <br /> There are no Cisco products affected by the vulnerability identified by CVE ID CVE-2017-3730.<br /> <br /> On February 16, 2017, the OpenSSL Software Foundation released another security advisory that included one high severity vulnerability identified by CVE ID CVE-2017-3733. <br /> <br /> There are no Cisco products affected by this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3730,CVE-2017-3731,CVE-2017-3732,CVE-2017-3733 Fri, 14 Apr 2017 18:49:54 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Cluster%20Management%20Protocol%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.<br /> <br /> The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:<br /> <ul> <li> The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and</li> <li>The incorrect processing of malformed CMP-specific Telnet options. </li> </ul> An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.<br /> <br /> Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.<br /> <br /> The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:<br /> <ul> <li> The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and</li> <li>The incorrect processing of malformed CMP-specific Telnet options. </li> </ul> An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.<br /> <br /> Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-3881 Thu, 13 Apr 2017 20:02:29 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=SSL%20Padding%20Oracle%20On%20Downgraded%20Legacy%20Encryption%20(POODLE)%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability" border='0' height='0' width='0'></img>On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer Security (TLS) protocols. By exploiting this vulnerability, an attacker could decrypt a subset of the encrypted communication.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability" border='0' height='0' width='0'></img>On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer Security (TLS) protocols. By exploiting this vulnerability, an attacker could decrypt a subset of the encrypted communication.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle</a> <br/>Security Impact Rating: Low <br/>CVE: CVE-2014-3566 Wed, 12 Apr 2017 13:43:52 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle Cisco UCS Director Virtual Machine Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Director%20Virtual%20Machine%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Director Virtual Machine Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the role-based resource checking functionality of Cisco&nbsp;Unified Computing System&nbsp;(UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain.<br /> <br /> The vulnerability is due to improper role-based user checks. An attacker could exploit this vulnerability by executing certain fenced container commands on an affected system. A successful exploit could allow the attacker to gain unauthorized access to virtual machines in a local UCS domain of the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Director Virtual Machine Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the role-based resource checking functionality of Cisco&nbsp;Unified Computing System&nbsp;(UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain.<br /> <br /> The vulnerability is due to improper role-based user checks. An attacker could exploit this vulnerability by executing certain fenced container commands on an affected system. A successful exploit could allow the attacker to gain unauthorized access to virtual machines in a local UCS domain of the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3817 Tue, 11 Apr 2017 21:26:28 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%201800,%202800,%20and%203800%20Series%20Access%20Point%20Platforms%20Shell%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted <em>root </em>access to the underlying Linux operating system. The <em>root </em>Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with <em>root </em>privileges. The attacker must have the <em>root </em>password to exploit this vulnerability.<br /> <br /> The vulnerability occurs because of incorrect management of user credentials when the user authenticates to the device. An attacker could exploit this vulnerability by authenticating to the affected device with the <em>root </em>account. An exploit could allow the authenticated, privileged attacker to bypass the controls required for <em>root </em>Linux shell access. If the authenticated user obtains <em>root </em>Linux shell access, further compromise may be possible.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted <em>root </em>access to the underlying Linux operating system. The <em>root </em>Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with <em>root </em>privileges. The attacker must have the <em>root </em>password to exploit this vulnerability.<br /> <br /> The vulnerability occurs because of incorrect management of user credentials when the user authenticates to the device. An attacker could exploit this vulnerability by authenticating to the affected device with the <em>root </em>account. An exploit could allow the authenticated, privileged attacker to bypass the controls required for <em>root </em>Linux shell access. If the authenticated user obtains <em>root </em>Linux shell access, further compromise may be possible.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9196 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20Management%20GUI%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3832 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3 Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20IPv6%20UDP%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. <br /> <br /> The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. <br /> <br /> The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-9219 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2 Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20RADIUS%20Change%20of%20Authorization%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection.<br /> <br /> The vulnerability is due to lack of proper input validation of the RADIUS CoA packet header. An attacker could exploit this vulnerability by sending a crafted RADIUS CoA packet to a targeted device. A successful exploit could allow the attacker to disconnect a connection through the WLC unexpectedly.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection.<br /> <br /> The vulnerability is due to lack of proper input validation of the RADIUS CoA packet header. An attacker could exploit this vulnerability by sending a crafted RADIUS CoA packet to a targeted device. A successful exploit could allow the attacker to disconnect a connection through the WLC unexpectedly.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9195 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1 Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20802.11%20WME%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.&nbsp;<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.&nbsp;<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-9194 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Manager,%20Cisco%20Firepower%204100%20Series%20NGFW,%20and%20Cisco%20Firepower%209300%20Security%20Appliance%20CLI%20Command%20Injection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.<br /> <br /> The vulnerability is due to insufficient input validation for the affected command. An authenticated local attacker could exploit this vulnerability by injecting crafted command arguments into a redirect of a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.<br /> <br /> The vulnerability is due to insufficient input validation for the affected command. An authenticated local attacker could exploit this vulnerability by injecting crafted command arguments into a redirect of a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6600 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1 Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Manager,%20Cisco%20Firepower%204100%20Series%20NGFW,%20and%20Cisco%20Firepower%209300%20Security%20Appliance%20Debug%20Plug-in%20Privilege%20Escalation%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands.<br /> <br /> The vulnerability is due to inadequate integrity checks for the debug plug-in. An attacker could exploit this vulnerability by crafting a debug plug-in and loading it using elevated privileges. An exploit could allow the attacker to run malicious code that would allow for the execution of arbitrary commands as <em>root</em>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands.<br /> <br /> The vulnerability is due to inadequate integrity checks for the debug plug-in. An attacker could exploit this vulnerability by crafting a debug plug-in and loading it using elevated privileges. An exploit could allow the attacker to run malicious code that would allow for the execution of arbitrary commands as <em>root</em>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6598 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs Cisco Unified Communications Manager Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Cross-Site Scripting Vulnerability " border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> Additional information about XSS attacks and potential mitigations is available at the following links:<br /> <ul> <li> <a href="http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html">http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html</a></li> <li> <a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)">https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)</a></li> </ul><br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Cross-Site Scripting Vulnerability " border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> Additional information about XSS attacks and potential mitigations is available at the following links:<br /> <ul> <li> <a href="http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html">http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html</a></li> <li> <a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)">https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)</a></li> </ul><br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3888 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1 Cisco Unified Communications Manager SQL Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20SQL%20Injection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager SQL Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The attacker must be authenticated as an administrative user to execute SQL database queries.<br /> <br /> The vulnerability is due to a lack of input validation on HTTP requests that contain user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database.<br /> <br /> Additional information is available at the following link:<br /> <a href="https://www.owasp.org/index.php/SQL_Injection">https://www.owasp.org/index.php/SQL_Injection</a><br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager SQL Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The attacker must be authenticated as an administrative user to execute SQL database queries.<br /> <br /> The vulnerability is due to a lack of input validation on HTTP requests that contain user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database.<br /> <br /> Additional information is available at the following link:<br /> <a href="https://www.owasp.org/index.php/SQL_Injection">https://www.owasp.org/index.php/SQL_Injection</a><br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3886 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm Cisco Registered Envelope Service Open Redirect Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Registered%20Envelope%20Service%20Open%20Redirect%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Registered Envelope Service Open Redirect Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page. <br /> <br /> The vulnerability is due to improper input validation of the parameters of the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. This type of exploit is known as an <em>open redirect attack</em> and is used in phishing attacks to get users to visit malicious sites without their knowledge.<br /> <br /> More information can be found at the following link: <a href=" https://cwe.mitre.org/data/definitions/601.html">https://cwe.mitre.org/data/definitions/601.html</a><br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Registered Envelope Service Open Redirect Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page. <br /> <br /> The vulnerability is due to improper input validation of the parameters of the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. This type of exploit is known as an <em>open redirect attack</em> and is used in phishing attacks to get users to visit malicious sites without their knowledge.<br /> <br /> More information can be found at the following link: <a href=" https://cwe.mitre.org/data/definitions/601.html">https://cwe.mitre.org/data/definitions/601.html</a><br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3889 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res Cisco IOS XE Software Startup Script Local Command Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20Startup%20Script%20Local%20Command%20Execution%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XE Software Startup Script Local Command Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the <em>root</em> user.<br /> <br /> The vulnerability is due to insufficient validation of ROMMON variables values. An attacker could exploit this vulnerability by manipulating the content of some ROMMON variables, which will allow an external script containing the command to execute at boot time. A reload of the affected system is needed to exploit the vulnerability. An attacker would need console access to exploit this vulnerability.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XE Software Startup Script Local Command Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the <em>root</em> user.<br /> <br /> The vulnerability is due to insufficient validation of ROMMON variables values. An attacker could exploit this vulnerability by manipulating the content of some ROMMON variables, which will allow an external script containing the command to execute at boot time. A reload of the affected system is needed to exploit the vulnerability. An attacker would need console access to exploit this vulnerability.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6606 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe Cisco IOS XR Software Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (<em>emsd</em>) to crash due to a system memory leak, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by sending malformed gRPC requests repeatedly to the affected device. An exploit could allow the attacker to cause the <em>emsd </em>process to crash.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (<em>emsd</em>) to crash due to a system memory leak, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by sending malformed gRPC requests repeatedly to the affected device. An exploit could allow the attacker to cause the <em>emsd </em>process to crash.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6599 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Infrastructure%20and%20Cisco%20Evolved%20Programmable%20Network%20Manager%20Web%20Interface%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco&nbsp;Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks.<br /> <br /> The vulnerability occurs because the application does not sufficiently protect sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to obtain sensitive information about the application.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco&nbsp;Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks.<br /> <br /> The vulnerability occurs because the application does not sufficiently protect sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to obtain sensitive information about the application.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3884 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Mobility%20Express%202800%20and%203800%20Series%20Wireless%20LAN%20Controllers%20Shell%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with <em>root</em>-level privileges. <br /> <br /> The vulnerability is due to incorrect permissions being assigned to configured users on the device. An attacker could exploit this vulnerability by authenticating to the device and issuing certain commands at the CLI. A successful exploit could allow the attacker to access the underlying operating system shell with <em>root</em> access.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with <em>root</em>-level privileges. <br /> <br /> The vulnerability is due to incorrect permissions being assigned to configured users on the device. An attacker could exploit this vulnerability by authenticating to the device and issuing certain commands at the CLI. A successful exploit could allow the attacker to access the underlying operating system shell with <em>root</em> access.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9197 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Manager,%20Cisco%20Firepower%204100%20Series%20NGFW,%20and%20Cisco%20Firepower%209300%20Security%20Appliance%20CLI%20Command%20Injection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user&rsquo;s privilege level outside the expected path and gain access to other devices.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user&rsquo;s privilege level outside the expected path and gain access to other devices.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6602 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2 Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Manager,%20Cisco%20Firepower%204100%20Series%20NGFW,%20and%20Cisco%20Firepower%209300%20Security%20Appliance%20CLI%20Command%20Injection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user&rsquo;s privilege level outside of the user&rsquo;s path.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user&rsquo;s privilege level outside of the user&rsquo;s path.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6601 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1 Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Manager,%20Cisco%20Firepower%204100%20Series%20NGFW,%20and%20Cisco%20Firepower%209300%20Security%20Appliance%20local-mgmt%20CLI%20Command%20Injection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <strong>local-mgmt</strong> CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.<br /> &nbsp;<br /> The vulnerability is due to insufficient input validation for the affected command. An authenticated, local attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <strong>local-mgmt</strong> CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.<br /> &nbsp;<br /> The vulnerability is due to insufficient input validation for the affected command. An authenticated, local attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6597 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli Cisco Integrated Management Controller Redirection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20Redirection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller Redirection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web interface of Cisco&nbsp;Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.<br /> <br /> The vulnerability is due to improper input validation of parameters in HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system, which could cause the web interface of the affected software to redirect the request to a malicious URL. This vulnerability is known as an <em>open redirect attack</em>, which is used in phishing attacks to get users to visit malicious sites without their knowledge.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Integrated Management Controller Redirection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web interface of Cisco&nbsp;Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.<br /> <br /> The vulnerability is due to improper input validation of parameters in HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system, which could cause the web interface of the affected software to redirect the request to a malicious URL. This vulnerability is known as an <em>open redirect attack</em>, which is used in phishing attacks to get users to visit malicious sites without their knowledge.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6604 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc Cisco Firepower Detection Engine SSL Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Detection%20Engine%20SSL%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Detection Engine SSL Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco&nbsp;Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts.<br /> <br /> The vulnerability is due to improper error handling of an SSL packet in an established SSL connection. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts, causing traffic inspection to be bypassed or traffic to be dropped.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Detection Engine SSL Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco&nbsp;Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts.<br /> <br /> The vulnerability is due to improper error handling of an SSL packet in an established SSL connection. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts, causing traffic inspection to be bypassed or traffic to be dropped.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3887 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1 Cisco Firepower Detection Engine SSL Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Detection%20Engine%20SSL%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Detection Engine SSL Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources.<br /> <br /> The vulnerability is due to improper handling of an SSL packet stream. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition because the Snort process consumes a high level of CPU resources. The device must be manually reloaded to recover from this condition.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Detection Engine SSL Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources.<br /> <br /> The vulnerability is due to improper handling of an SSL packet stream. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition because the Snort process consumes a high level of CPU resources. The device must be manually reloaded to recover from this condition.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3885 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%20903%20and%20ASR%20920%20Series%20Devices%20IPv6%20Packet%20Processing%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system.<br /> <br /> The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The system could push IPv6 traffic to the processor even when the device is not configured for IPv6, which could cause other control packets to be affected. A successful exploit could allow the attacker to cause a DoS condition on the system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system.<br /> <br /> The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The system could push IPv6 traffic to the processor even when the device is not configured for IPv6, which could cause other control packets to be affected. A successful exploit could allow the attacker to cause a DoS condition on the system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6603 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%201830%20Series%20and%201850%20Series%20Access%20Points%20Mobility%20Express%20Default%20Credential%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco&nbsp;Aironet 1830 Series and Cisco&nbsp;Aironet 1850 Series Access Points running Cisco&nbsp;Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.<br /> <br /> The vulnerability is due to the existence of default credentials for an affected device that is running Cisco&nbsp;Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell&nbsp;(SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco&nbsp;Aironet 1830 Series and Cisco&nbsp;Aironet 1850 Series Access Points running Cisco&nbsp;Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.<br /> <br /> The vulnerability is due to the existence of default credentials for an affected device that is running Cisco&nbsp;Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell&nbsp;(SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-3834 Wed, 05 Apr 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame Cisco Application-Hosting Framework Directory Traversal Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Application-Hosting%20Framework%20Directory%20Traversal%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Application-Hosting Framework Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework code of the Cisco&nbsp;application-hosting framework (CAF) component of the Cisco&nbsp;IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco&nbsp;IOx.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Application-Hosting Framework Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework code of the Cisco&nbsp;application-hosting framework (CAF) component of the Cisco&nbsp;IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco&nbsp;IOx.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3851 Wed, 22 Mar 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1 Cisco IOx Data in Motion Stack Overflow Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOx%20Data%20in%20Motion%20Stack%20Overflow%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOx Data in Motion Stack Overflow Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco&nbsp;IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with <em>root</em> privileges in the virtual instance running on an affected device.<br /> <br /> The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco&nbsp;IOx.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOx Data in Motion Stack Overflow Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco&nbsp;IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with <em>root</em> privileges in the virtual instance running on an affected device.<br /> <br /> The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco&nbsp;IOx.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-3853 Wed, 22 Mar 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20DHCP%20Client%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability" border='0' height='0' width='0'></img><p>A vulnerability in the DHCP client implementation of Cisco&nbsp;IOS and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.</p> <p>The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc</a></p> <p>This advisory is part of the March 22, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see <a href="http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-60851">Cisco Event Response: March 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability" border='0' height='0' width='0'></img><p>A vulnerability in the DHCP client implementation of Cisco&nbsp;IOS and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.</p> <p>The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc</a></p> <p>This advisory is part of the March 22, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see <a href="http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-60851">Cisco Event Response: March 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3864 Wed, 22 Mar 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Application-Hosting%20Framework%20Arbitrary%20File%20Creation%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco&nbsp;IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device.<br /> <br /> The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco&nbsp;IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco&nbsp;IOx.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco&nbsp;IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device.<br /> <br /> The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco&nbsp;IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco&nbsp;IOx.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf2</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3852 Wed, 22 Mar 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf2