Cisco Security Advisory https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Cisco Security Advisory Cisco Systems, Inc. 15 Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Spark%20Hybrid%20Calendar%20Service%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data.<br /> <br /> The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12310 Mon, 23 Oct 2017 21:30:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Wi-Fi%20Protected%20Access%20and%20Wi-Fi%20Protected%20Access%20II&vs_k=1 On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key. <br /> <br /> Among these ten vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), the other nine vulnerabilities affect only client devices. <br /> <br /> Multiple Cisco wireless products are affected by these vulnerabilities. <br /> <br /> Cisco will release software updates that address these vulnerabilities. There is a workaround that addresses the vulnerability in CVE-2017-13082. There are no workarounds that address the other vulnerabilities described in this advisory. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa</a><br /> <br /> <strong>NOTE:</strong> Additional testing performed on October 20, 2017, resulted in the discovery that the software fixes for CVE-2017-13082 on Cisco Access Points running Cisco IOS Software may not provide complete protection. Software for those devices incorporating additional fixes was made available on October 22 and 23, 2017. See the <a href="#fixed_software">Fixed Software</a> section of this advisory for additional information on fix availability and applicability to your specific deployment scenario.<br /> <br /> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-13077,CVE-2017-13078,CVE-2017-13079,CVE-2017-13080,CVE-2017-13081,CVE-2017-13082,CVE-2017-13084,CVE-2017-13086,CVE-2017-13087,CVE-2017-13088 Mon, 23 Oct 2017 21:14:38 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Apache%20Struts%202%20Affecting%20Cisco%20Products:%20September%202017&vs_k=1 On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as <em>Critical Severity</em>, one as <em>Medium Severity</em>, and one as <em>Low Severity</em>. For more information about the vulnerabilities, refer to the <a href="#details">Details</a> section of this advisory.<br /> <br /> Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by these vulnerabilities. <br /> <br /> The following Snort rule can be used to detect possible exploitation of this vulnerability: Snort SIDs 44315 and 44327 through 44330. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-9793,CVE-2017-9804,CVE-2017-9805 Mon, 23 Oct 2017 20:27:39 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Apache%20Struts%202%20Remote%20Code%20Execution%20Vulnerability%20Affecting%20Multiple%20Cisco%20Products:%20September%202017&vs_k=1 On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The Apache Software Foundation classifies the vulnerability as a <em>Medium Severity</em> vulnerability. For more information about this vulnerability, refer to the <a href="#details">Details</a> section of this advisory.<br /> <br /> Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by this vulnerability. <br /> <br /> The following Snort rules can be used to detect possible exploitation of this vulnerability: Snort SIDs 44327 through 44330.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-12611 Mon, 23 Oct 2017 20:24:49 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20TCP%20Netstack%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a <em>TIME_WAIT </em>state. An attacker could exploit this vulnerability by sending a specific TCP packet to an affected device on a TCP session that is already in a <em>TIME_WAIT </em>state. An exploit could allow the attacker to cause a reload of the TCP stack on the affected device, resulting in a DoS condition.<br /> <br /> This vulnerability can be exploited using either IPv4 or IPv6 packets. The vulnerability can be triggered by a crafted sequence of TCP packets destined for TCP ports listening on the device. The packets may use the IPv4 or IPv6 unicast address of any interface configured on the device.<br /> <br /> This vulnerability can be triggered only by traffic destined to an affected device and cannot be exploited using traffic that transits an affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-0718 Mon, 23 Oct 2017 18:22:12 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack Cisco AMP for Endpoints Static Key Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20AMP%20for%20Endpoints%20Static%20Key%20Vulnerability&vs_k=1 On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software.<br /> <br /> The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. <br /><br /> Workarounds that address this vulnerability are available. This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12317 Fri, 20 Oct 2017 21:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe Cisco Nexus Series Switches CLI Command Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Nexus%20Series%20Switches%20CLI%20Command%20Injection%20Vulnerability&vs_k=1 A vulnerability in the CLI of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack.<br /> <br /> The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user&rsquo;s privilege level outside of the user&rsquo;s path.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6649 Thu, 19 Oct 2017 17:02:28 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FXOS%20and%20NX-OS%20System%20Software%20Authentication,%20Authorization,%20and%20Accounting%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload.<br /> <br /> An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload.<br /> <br /> Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3883 Wed, 18 Oct 2017 20:37:21 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty Cisco Cloud Services Platform 2100 Unauthorized Access Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Cloud%20Services%20Platform%202100%20Unauthorized%20Access%20Vulnerability&vs_k=1 A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. <br /> <br /> The vulnerability is due to weaknesses in the generation of certain authentication mechanisms in the URL of the web console. An attacker could exploit this vulnerability by browsing to one of the hosted VMs' URLs in Cisco CSP and viewing specific patterns that control the web application's mechanisms for authentication control. An exploit could allow the attacker to access a specific VM on the CSP, which causes a complete loss of the system's confidentiality, integrity, and availability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-12251 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meetings%20Server%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in Cisco&nbsp;WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12296 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1 Cisco WebEx Meetings Server Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meetings%20Server%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12293 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meeting%20Center%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in Cisco&nbsp;WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12298 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1 Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ucce?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Contact%20Center%20Express%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> Additional information about XSS attacks and potential mitigations can be found at the following links: <br /> <ul> <li> <a href="https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20060922-understanding-xss">https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20060922-understanding-xss</a></li> <li> <a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)">https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)</a></li> </ul> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ucce">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ucce</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12288 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ucce Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-spa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SPA300%20and%20SPA500%20Series%20IP%20Phones%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1 A vulnerability in Cisco&nbsp;SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device.<br /> <br /> The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-spa">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-spa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12271 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-spa Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20SPA50x,%20SPA51x,%20and%20SPA52x%20Series%20IP%20Phones%20SIP%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the implementation of Session Initiation Protocol&nbsp;(SIP) functionality in Cisco&nbsp;Small Business SPA50<em>x</em>, SPA51<em>x</em>, and SPA52<em>x</em> Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually.<br /> <br /> Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12260 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1 Cisco Small Business SPA51x Series IP Phones SIP Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20SPA51x%20Series%20IP%20Phones%20SIP%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the implementation of Session Initiation Protocol&nbsp;(SIP) functionality in Cisco&nbsp;Small Business SPA51<em>x</em> Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually.<br /> <br /> Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12259 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip Cisco NX-OS Software Python Parser Escape Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20Python%20Parser%20Escape%20Vulnerability&vs_k=1 A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device.<br /> <br /> The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.<br /> <br /> To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12301 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Network%20Analysis%20Module%20Parameter%20Directory%20Traversal%20Arbitrary%20File%20Deletion%20Vulnerability&vs_k=1 A vulnerability in the web interface of Cisco&nbsp;Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system.<br /> <br /> The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12285 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam Cisco Jabber Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Jabber%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the web interface of Cisco&nbsp;Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information.<br /> <br /> The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12286 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1 Cisco Jabber for Windows Client Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Jabber%20for%20Windows%20Client%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information.<br /> &nbsp;<br /> The vulnerability is due to a lack of input- and validation-checking mechanisms in the system. An attacker could exploit this vulnerability by issuing specific commands after authenticating to the system. A successful exploit could allow the attacker to view profile information where only certain parameters should be visible.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12284 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab Cisco Expressway Series and Cisco TelePresence Video Communication Server REST API Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Expressway%20Series%20and%20Cisco%20TelePresence%20Video%20Communication%20Server%20REST%20API%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the cluster database&nbsp;(CDB) management component of Cisco&nbsp;Expressway Series Software and Cisco&nbsp;TelePresence Video Communication Server&nbsp;(VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12287 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20Verbose%20Debug%20Logging%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco&nbsp;IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file.<br /> <br /> The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticating to the device and enabling conditional, verbose debug logging for IPsec and viewing the log file. An exploit could allow the attacker to access sensitive information related to the IPsec configuration.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12289 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1 Cisco IOS XE Software Web Framework Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20Web%20Framework%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web framework code of Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting&nbsp;(XSS) attack against a user of the web interface of the affected software.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12272 Wed, 18 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe Cisco Adaptive Security Appliance Software Direct Authentication Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Software%20Direct%20Authentication%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems that have the direct authentication feature enabled. This vulnerability can be triggered by IPv4 or IPv6 traffic.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12246 Thu, 12 Oct 2017 13:48:31 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa Cisco Meshed Wireless LAN Controller Impersonation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meshed%20Wireless%20LAN%20Controller%20Impersonation%20Vulnerability&vs_k=1 A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology.<br /> <br /> The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system.<br /> <br /> Cisco has released software updates that address this vulnerability. Note that additional configuration is needed in addition to upgrading to a fixed release. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3854 Fri, 06 Oct 2017 14:32:52 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Mobility%20Express%201800%20Access%20Point%20Series%20Authentication%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the web-based GUI of Cisco Mobility&nbsp;Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.<br /> <br /> The vulnerability is due to improper implementation of authentication for accessing&nbsp;certain web pages using the GUI interface. An attacker could exploit this vulnerability&nbsp;by sending a crafted HTTP request to the web interface of the affected system. A successful&nbsp;exploit could allow the attacker to bypass authentication and perform unauthorized configuration&nbsp;changes or issue control commands to the affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-3831 Fri, 06 Oct 2017 14:32:50 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800 Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20802.11%20WME%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.&nbsp;<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-9194 Fri, 06 Oct 2017 14:32:49 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Web%20Security%20Appliance%20Drop%20Decrypt%20Policy%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the <em>Decrypt for End-User Notification</em> configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website.<br /> <br /> The vulnerability is due to incomplete input validation of HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to connect to a website that should be blocked.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9212 Wed, 04 Oct 2017 19:22:43 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1 Cisco Adaptive Security Appliance Software HREF Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Software%20HREF%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> Additional information about XSS attacks and potential mitigations can be found at:<br /> <ul> <li> <a href="https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20060922-understanding-xss">https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20060922-understanding-xss</a></li> <li><a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)">https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)</a></li> </ul> <p>There are no workarounds that address this vulnerability.</p> This advisory is available at the following link: <br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12265 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa1 Cisco AnyConnect Network Access Manager Dual-Homed Interface Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20AnyConnect%20Network%20Access%20Manager%20Dual-Homed%20Interface%20Vulnerability&vs_k=1 A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters.<br /> <br /> The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12268 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meetings%20Server%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web framework of Cisco&nbsp;WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting&nbsp;(XSS) attack against a user of the web interface of an affected system.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12257 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms Cisco Wide Area Application Services ICA Accelerator Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wide%20Area%20Application%20Services%20ICA%20Accelerator%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting.<br /> <br /> There are no workarounds that address this vulnerability<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12267 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1 Cisco Wide Area Application Services Denial-of-Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wide%20Area%20Application%20Services%20Denial-of-Service%20Vulnerability&vs_k=1 A vulnerability in the Akamai Connect feature of Cisco&nbsp;Wide Area Application Services&nbsp;(WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12256 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Cross-Frame%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web-based UI of Cisco&nbsp;Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack.<br /> <br /> The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (<em>iframes</em>). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12258 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm Cisco Spark Messaging Stored Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-sprk?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Spark%20Messaging%20Stored%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web UI of Cisco&nbsp;Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack.<br /> <br /> The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-sprk">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-sprk</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12269 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-sprk Cisco IOS XR Software Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ncs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the <em>emsd </em>service stops.<br /> <br /> The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the <em>emsd </em>service stops.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ncs">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ncs</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12270 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ncs Cisco Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Detection%20Engine%20SSL%20Decryption%20Memory%20Consumption%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device.</p> <p>The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd</a></p> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12245 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd Cisco Firepower Detection Engine IPv6 Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-fpsnort?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Detection%20Engine%20IPv6%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly.</p> <p>The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability is specific to IPv6 traffic only.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-fpsnort">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-fpsnort</a></p> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12244 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-fpsnort Cisco Meeting Server Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meeting%20Server%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12264 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cms Cisco Meeting App Local Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cma?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meeting%20App%20Local%20Privilege%20Escalation%20Vulnerability&vs_k=1 A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App.<br /> <br /> The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cma">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cma</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12266 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cma Cisco License Manager Directory Traversal Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20License%20Manager%20Directory%20Traversal%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application which should be restricted.<br /> <br /> The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files which may contain sensitive information.<br /> <br /> Cisco has not released and will not release a software update to address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12263 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm Cisco Adaptive Security Appliance Software HREF Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Software%20HREF%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> Additional information about XSS attacks and potential mitigations can be found at:<br /> <ul> <li> <a href="https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20060922-understanding-xss">https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20060922-understanding-xss</a></li> <li><a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)">https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)</a></li> </ul> <p>There are no workarounds that address this vulnerability.</p> This advisory is available at the following link: <br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa1 ">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa1 </a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12265 Wed, 04 Oct 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa1 Cisco Integrated Management Controller Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20Privilege%20Escalation%20Vulnerability&vs_k=1 A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6619 Tue, 03 Oct 2017 20:38:32 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc Cisco Integrated Management Controller Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to perform unauthorized remote command execution on the affected device.<br /> <br /> The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. Successful exploitation could allow an unauthenticated attacker to execute system commands with <em>root</em>-level privileges.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-6616 Tue, 03 Oct 2017 20:37:11 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3 Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20DHCP%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 <p>The DHCP relay subsystem of Cisco&nbsp;IOS and Cisco&nbsp;IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service&nbsp;(DoS) condition.</p> <p>The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4&nbsp;(DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp</a></p> <p>This advisory is part of the September 27, 2017, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410">Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-12240 Fri, 29 Sep 2017 21:26:36 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20for%20Cisco%20Industrial%20Ethernet%20Switches%20PROFINET%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol&nbsp;(PN-DCP) for Cisco&nbsp;IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service&nbsp;(DoS) condition.</p> <p>The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet</a></p> <p>This advisory is part of the September 27, 2017, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410">Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12235 Thu, 28 Sep 2017 11:23:42 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet Cisco IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20for%20Cisco%20ASR%201000%20Series%20and%20cBR-8%20Routers%20Line%20Card%20Console%20Access%20Vulnerability&vs_k=1 <p>A vulnerability in motherboard console ports of line cards for Cisco&nbsp;ASR 1000 Series Aggregation Services Routers and Cisco&nbsp;cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system.</p> <p>The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc</a></p> <p>This advisory is part of the September 27, 2017, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410">Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12239 Wed, 27 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc Cisco IOS XE Wireless Controller Manager Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Wireless%20Controller%20Manager%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the wireless controller manager of Cisco&nbsp;IOS XE Software could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12222 Wed, 27 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Internet%20Key%20Exchange%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the Internet Key Exchange Version 2&nbsp;(IKEv2) module of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service&nbsp;(DoS) condition.</p> <p>The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition.</p> <p>Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike</a></p> <p>This advisory is part of the September 27, 2017, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410">Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12237 Wed, 27 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Common%20Industrial%20Protocol%20Request%20Denial%20of%20Service%20Vulnerabilities&vs_k=1 <p>Multiple vulnerabilities in the implementation of the Common Industrial Protocol&nbsp;(CIP) feature in Cisco&nbsp;IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service&nbsp;(DoS) condition.</p> <p>The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.</p> <p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip</a></p> <p>This advisory is part of the September 27, 2017, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410">Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12233,CVE-2017-12234 Wed, 27 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip