Cisco Security Advisory https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Cisco Security Advisory Cisco Systems, Inc. 15 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Network%20Time%20Protocol%20Daemon%20Affecting%20Cisco%20Products:%20November%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server. <br /> <br /> On November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time. <br /> <br /> The new vulnerabilities disclosed in this document are as follows:<br /> <ul> <li>Network Time Protocol Trap Service Denial of Service Vulnerability</li> <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li> <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li> <li>Network Time Protocol Insufficient Resource Pool Denial of Service Vulnerability</li> <li>Network Time Protocol Configuration Modification Denial of Service Vulnerability</li> <li>Network Time Protocol mrulist Query Requests Denial of Service Vulnerability</li> <li>Network Time Protocol Multiple Binds to the Same Port Vulnerability</li> <li>Network Time Protocol Rate Limiting Denial of Service Vulnerability</li> </ul> <div>As well as:<br /> <ul> <li>Regression of CVE-2015-8138</li> <li>Network Time Protocol Reboot sync calculation problem</li> </ul> </div> Additional details about each vulnerability are in the <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se">NTP Consortium Security Notice</a>.<br /> <br /> Workarounds that address one or more of these vulnerabilities may be available and are documented in the Cisco bug for each affected product. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server. <br /> <br /> On November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time. <br /> <br /> The new vulnerabilities disclosed in this document are as follows:<br /> <ul> <li>Network Time Protocol Trap Service Denial of Service Vulnerability</li> <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li> <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li> <li>Network Time Protocol Insufficient Resource Pool Denial of Service Vulnerability</li> <li>Network Time Protocol Configuration Modification Denial of Service Vulnerability</li> <li>Network Time Protocol mrulist Query Requests Denial of Service Vulnerability</li> <li>Network Time Protocol Multiple Binds to the Same Port Vulnerability</li> <li>Network Time Protocol Rate Limiting Denial of Service Vulnerability</li> </ul> <div>As well as:<br /> <ul> <li>Regression of CVE-2015-8138</li> <li>Network Time Protocol Reboot sync calculation problem</li> </ul> </div> Additional details about each vulnerability are in the <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se">NTP Consortium Security Notice</a>.<br /> <br /> Workarounds that address one or more of these vulnerabilities may be available and are documented in the Cisco bug for each affected product. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2015-8138,CVE-2016-7426,CVE-2016-7427,CVE-2016-7428,CVE-2016-7429,CVE-2016-7431,CVE-2016-7433,CVE-2016-7434,CVE-2016-9310,CVE-2016-9311,CVE-2016-9312 Mon, 23 Jan 2017 14:51:48 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Web%20Interface%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>Cisco Unified Communications Manager (CUCM) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.<br /> <br /> The vulnerability is due to a failure to properly call XSS filter subsystems when a URL contains a certain parameter. An attacker who can persuade an authenticated user of an affected device to follow an attacker-provided link or visit an attacker-controlled website could exploit this vulnerability to execute arbitrary code in the context of the affected site in the user's browser.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>Cisco Unified Communications Manager (CUCM) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.<br /> <br /> The vulnerability is due to a failure to properly call XSS filter subsystems when a URL contains a certain parameter. An attacker who can persuade an authenticated user of an affected device to follow an attacker-provided link or visit an attacker-controlled website could exploit this vulnerability to execute arbitrary code in the context of the affected site in the user's browser.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3802 Thu, 19 Jan 2017 17:40:32 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1 Cisco Email Security Appliance Filter Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20Filter%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device.<br /> &nbsp;<br /> The vulnerability is due to incomplete input validation of email message attachments in different formats. An attacker could exploit this vulnerability by sending a crafted email message with an attachment to the ESA. An exploit could allow the attacker to bypass configured content or message filters configured on the ESA. This message filter bypass could allow email attachments that contain malware to pass through the targeted device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device.<br /> &nbsp;<br /> The vulnerability is due to incomplete input validation of email message attachments in different formats. An attacker could exploit this vulnerability by sending a crafted email message with an attachment to the ESA. An exploit could allow the attacker to bypass configured content or message filters configured on the ESA. This message filter bypass could allow email attachments that contain malware to pass through the targeted device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3800 Thu, 19 Jan 2017 14:45:14 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%205000%20Software%20ipsecmgr%20Process%20IKE%20Packet%20Parsing%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>ipsecmgr</em> process of Cisco ASR 5000 Software could allow an authenticated, remote attacker to cause the <em>ipsecmgr</em> process to reload.<br /> <br /> The vulnerability is due to a logical error while parsing IKE packets. An attacker could exploit this vulnerability by submitting malformed IKE packets to the targeted system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>ipsecmgr</em> process of Cisco ASR 5000 Software could allow an authenticated, remote attacker to cause the <em>ipsecmgr</em> process to reload.<br /> <br /> The vulnerability is due to a logical error while parsing IKE packets. An attacker could exploit this vulnerability by submitting malformed IKE packets to the targeted system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9216 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr Cisco WebEx Meeting Center Site Redirection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meeting%20Center%20Site%20Redirection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meeting Center Site Redirection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in a URL parameter of Cisco WebEx could allow an unauthenticated, remote attacker to perform site redirection.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a remote site URL in the affected parameter of the Cisco WebEx URL. An exploit could allow the attacker to redirect a user to a malicious website.<br /> <br /> To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meeting Center Site Redirection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in a URL parameter of Cisco WebEx could allow an unauthenticated, remote attacker to perform site redirection.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a remote site URL in the affected parameter of the Cisco WebEx URL. An exploit could allow the attacker to redirect a user to a malicious website.<br /> <br /> To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3799 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4 Cisco WebEx Meetings Server Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meetings%20Server%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server.<br /> &nbsp;<br /> The vulnerability is due to insufficient masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by issuing specific HTTP requests. An exploit could allow the attacker to view the fully qualified domain name of the server.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server.<br /> &nbsp;<br /> The vulnerability is due to insufficient masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by issuing specific HTTP requests. An exploit could allow the attacker to view the fully qualified domain name of the server.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3797 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3 Cisco WebEx Meetings Server Command Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meetings%20Server%20Command%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Command Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts.<br /> <br /> The vulnerability is due to insufficient security configurations of <em>bash </em>in <strong>interactive mode</strong>. An attacker could exploit this vulnerability by connecting to a host as <em>root </em>and then connecting to another host via SSH and issuing predetermined shell commands. A successful exploit could allow an attacker to execute commands as <em>root </em>on any other Cisco WebEx Meeting Server host.<br /> <br /> Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Command Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts.<br /> <br /> The vulnerability is due to insufficient security configurations of <em>bash </em>in <strong>interactive mode</strong>. An attacker could exploit this vulnerability by connecting to a host as <em>root </em>and then connecting to another host via SSH and issuing predetermined shell commands. A successful exploit could allow an attacker to execute commands as <em>root </em>on any other Cisco WebEx Meeting Server host.<br /> <br /> Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3796 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2 Cisco WebEx Meetings Server Arbitrary Password Change Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meetings%20Server%20Arbitrary%20Password%20Change%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Arbitrary Password Change Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user.<br /> <br /> The vulnerability is due to insufficient parameter string security. An attacker could exploit this vulnerability by creating a password-protected meeting and utilizing system-provided parameters to change a non-administrative user password. A successful exploit could allow an attacker to change the password of a targeted user.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Arbitrary Password Change Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user.<br /> <br /> The vulnerability is due to insufficient parameter string security. An attacker could exploit this vulnerability by creating a password-protected meeting and utilizing system-provided parameters to change a non-administrative user password. A successful exploit could allow an attacker to change the password of a targeted user.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3795 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meetings%20Server%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user.<br /> <br /> The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow an attacker to submit arbitrary requests to the affected device via the Administration pages with the privileges of the user.<br /><br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user.<br /> <br /> The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow an attacker to submit arbitrary requests to the affected device via the Administration pages with the privileges of the user.<br /><br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3794 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms Cisco NetFlow Generation Appliance Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NetFlow%20Generation%20Appliance%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco NetFlow Generation Appliance Cross-Site Scripting Vulnerability " border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco NetFlow Generation Appliance Cross-Site Scripting Vulnerability " border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9222 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Nexus%205000,%206000,%20and%207000%20Series%20Switches%20Software%20IS-IS%20Packet%20Processing%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device.<br /> <br /> The vulnerability is due to improper processing of crafted IS-IS protocol packets. An attacker could exploit this vulnerability by sending a crafted IS-IS protocol packet over an established adjacency. An exploit could allow the attacker to cause a reload of the affected device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device.<br /> <br /> The vulnerability is due to improper processing of crafted IS-IS protocol packets. An attacker could exploit this vulnerability by sending a crafted IS-IS protocol packet over an established adjacency. An exploit could allow the attacker to cause a reload of the affected device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3804 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20Cisco%20IOx%20Software%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device.<br /> &nbsp;<br /> The vulnerability is due to lack of proper input validation of the HTTP URL being requested. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted device. An exploit could allow the attacker to view confidential information that should only be visible to authenticated users to the device. The attacker could use this information to conduct additional reconnaissance attacks.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device.<br /> &nbsp;<br /> The vulnerability is due to lack of proper input validation of the HTTP URL being requested. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted device. An exploit could allow the attacker to view confidential information that should only be visible to authenticated users to the device. The attacker could use this information to conduct additional reconnaissance attacks.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3805 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios Cisco Hybrid Meeting Server Web Interface Cross-Site Request Forgery Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-hms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Hybrid%20Meeting%20Server%20Web%20Interface%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Hybrid Meeting Server Web Interface Cross-Site Request Forgery Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.<br /> <br /> The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-hms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-hms</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Hybrid Meeting Server Web Interface Cross-Site Request Forgery Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.<br /> <br /> The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-hms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-hms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9218 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-hms Cisco Unified Communications Manager Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device.<br /> <br /> The vulnerability is due to a failure to properly call XSS filter subsystems when a URL contains a certain parameter. An attacker who can persuade an authenticated user of an affected device to follow an attacker-provided link or visit an attacker-controlled website could exploit this vulnerability to execute arbitrary code in the context of the affected site in the user's browser.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device.<br /> <br /> The vulnerability is due to a failure to properly call XSS filter subsystems when a URL contains a certain parameter. An attacker who can persuade an authenticated user of an affected device to follow an attacker-provided link or visit an attacker-controlled website could exploit this vulnerability to execute arbitrary code in the context of the affected site in the user's browser.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3798 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm Cisco Mobility Express 2800 and 3800 Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Mobility%20Express%202800%20and%203800%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Mobility Express 2800 and 3800 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail.<br /> <br /> The vulnerability is due to improper error handling for 802.11 authentication requests that do not complete. An attacker could exploit this vulnerability by sending a crafted 802.11 frame to the targeted device. An exploit could allow the attacker to impact the availability of the device due to authentication failures.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Mobility Express 2800 and 3800 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail.<br /> <br /> The vulnerability is due to improper error handling for 802.11 authentication requests that do not complete. An attacker could exploit this vulnerability by sending a crafted 802.11 frame to the targeted device. An exploit could allow the attacker to impact the availability of the device due to authentication failures.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9221 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2 Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Mobility%20Express%202800%20and%203800%20802.11%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests.<br /> <br /> The vulnerability is due to lack of proper error handling when the 802.11 frame is received with an unexpected status code. An attacker could exploit this vulnerability by sending a crafted 802.11 frame to the targeted device. An exploit could allow the attacker to impact the availability of the device due to the connection table being filled with invalid connections.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests.<br /> <br /> The vulnerability is due to lack of proper error handling when the 802.11 frame is received with an unexpected status code. An attacker could exploit this vulnerability by sending a crafted 802.11 frame to the targeted device. An exploit could allow the attacker to impact the availability of the device due to the connection table being filled with invalid connections.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9220 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1 Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20for%20Catalyst%202960X%20and%203750X%20Switches%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing of IPv6 Neighbor Discovery (ND) packets. An attacker could exploit this vulnerability by sending a number of IPv6 ND packets to be processed by an affected device. An exploit could allow the attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial DoS service condition.<br /> <br /> Workarounds that address this vulnerability are available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing of IPv6 Neighbor Discovery (ND) packets. An attacker could exploit this vulnerability by sending a number of IPv6 ND packets to be processed by an affected device. An exploit could allow the attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial DoS service condition.<br /> <br /> Workarounds that address this vulnerability are available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-3803 Wed, 18 Jan 2017 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20(June%202015)%20Affecting%20Cisco%20Products&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products" border='0' height='0' width='0'></img>On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research.<br /> <br /> Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory. <br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities may be available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products" border='0' height='0' width='0'></img>On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research.<br /> <br /> Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory. <br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities may be available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2014-8176,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792 Tue, 17 Jan 2017 14:55:25 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20November%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016" border='0' height='0' width='0'></img>On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as &ldquo;Critical Severity,&rdquo; one as &ldquo;Moderate Severity,&rdquo; and one as &ldquo;Low Severity.&rdquo;<br /> <br /> Two of the vulnerabilities affect only recent OpenSSL versions in the 1.1.0 release series. The remaining Low Severity vulnerability affects OpenSSL versions in the 1.0.2 and 1.1.0 release series. <br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016" border='0' height='0' width='0'></img>On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as &ldquo;Critical Severity,&rdquo; one as &ldquo;Moderate Severity,&rdquo; and one as &ldquo;Low Severity.&rdquo;<br /> <br /> Two of the vulnerabilities affect only recent OpenSSL versions in the 1.1.0 release series. The remaining Low Severity vulnerability affects OpenSSL versions in the 1.0.2 and 1.1.0 release series. <br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-7053,CVE-2016-7054,CVE-2016-7055 Wed, 11 Jan 2017 13:45:53 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20CloudCenter%20Orchestrator%20Docker%20Engine%20Privilege%20Escalation%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system.<br /> <br /> The vulnerability is due to a misconfiguration that causes the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker containers on the affected system with arbitrary privileges. As a secondary impact this may allow the attacker to gain <em>root</em> privileges on the affected CloudCenter Orchestrator.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system.<br /> <br /> The vulnerability is due to a misconfiguration that causes the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker containers on the affected system with arbitrary privileges. As a secondary impact this may allow the attacker to gain <em>root</em> privileges on the affected CloudCenter Orchestrator.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2016-9223 Wed, 21 Dec 2016 18:03:54 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco Cisco Intercloud Fabric Database Static Credentials Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Intercloud%20Fabric%20Database%20Static%20Credentials%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Intercloud Fabric Database Static Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products.<br /> <br /> The vulnerability occurs because the database account uses static credentials. An attacker could exploit this vulnerability by using these credentials to connect to the database. The contents of the database can then be examined or modified. Note that this database contains only internal objects used by the application. The database does not contain other credentials.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Intercloud Fabric Database Static Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products.<br /> <br /> The vulnerability occurs because the database account uses static credentials. An attacker could exploit this vulnerability by using these credentials to connect to the database. The contents of the database can then be examined or modified. Note that this database contains only internal objects used by the application. The database does not contain other credentials.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9217 Wed, 21 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf Cisco Jabber Guest Server HTTP URL Redirection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Jabber%20Guest%20Server%20HTTP%20URL%20Redirection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Jabber Guest Server HTTP URL Redirection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts.<br /> <br /> The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco Jabber Guest Server. An attacker could exploit this vulnerability by sending a crafted URL to the Cisco Jabber Guest Server. An exploit could allow an attacker to connect to arbitrary hosts.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Jabber Guest Server HTTP URL Redirection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts.<br /> <br /> The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco Jabber Guest Server. An attacker could exploit this vulnerability by sending a crafted URL to the Cisco Jabber Guest Server. An exploit could allow an attacker to connect to arbitrary hosts.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9224 Wed, 21 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber Cisco Expressway Series Software Security Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Expressway%20Series%20Software%20Security%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Expressway Series Software Security Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway.<br /> <br /> The vulnerability is due to insufficient access control for TCP traffic passed through the Cisco Expressway. An attacker could exploit this vulnerability by sending a crafted URL through the Cisco Expressway. An exploit could allow the attacker to enumerate hosts and services of arbitrary hosts, as well as degrade performance through the Cisco Expressway.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Expressway Series Software Security Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway.<br /> <br /> The vulnerability is due to insufficient access control for TCP traffic passed through the Cisco Expressway. An attacker could exploit this vulnerability by sending a crafted URL through the Cisco Expressway. An exploit could allow the attacker to enumerate hosts and services of arbitrary hosts, as well as degrade performance through the Cisco Expressway.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9207 Mon, 19 Dec 2016 20:51:57 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20IPv6%20First%20Hop%20Security%20Denial%20of%20Service%20Vulnerabilities&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 23, 2015, release of the Cisco IOS and IOS XE Software Security Advisory bundled publication includes three Cisco Security Advisories. All the advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html</a></p> </span> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 23, 2015, release of the Cisco IOS and IOS XE Software Security Advisory bundled publication includes three Cisco Security Advisories. All the advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html</a></p> </span> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-6278,CVE-2015-6279 Thu, 08 Dec 2016 15:19:38 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs Cisco Email Security Appliance Content Filter Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20Content%20Filter%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance Content Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.<br /> <br /> The vulnerability is due to improper filtering of certain TAR format files that are attached to email messages. An attacker could exploit this vulnerability by sending an email message that has a crafted TAR file attachment through an affected device. A successful exploit could allow the attacker to bypass user filters that are configured for the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance Content Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.<br /> <br /> The vulnerability is due to improper filtering of certain TAR format files that are attached to email messages. An attacker could exploit this vulnerability by sending an email message that has a crafted TAR file attachment through an affected device. A successful exploit could allow the attacker to bypass user filters that are configured for the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6465 Wed, 07 Dec 2016 23:32:28 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa Vulnerability in Linux Kernel Affecting Cisco Products: October 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Vulnerability%20in%20Linux%20Kernel%20Affecting%20Cisco%20Products:%20October%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Vulnerability in Linux Kernel Affecting Cisco Products: October 2016" border='0' height='0' width='0'></img>On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain <em>write </em>access to otherwise <em>read-only </em>memory mappings to increase their privileges on the system.<br /> <br /> Cisco has released software updates that address this vulnerability. For information about affected and fixed software releases, consult the Cisco bug IDs in the Vulnerable Products table.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Vulnerability in Linux Kernel Affecting Cisco Products: October 2016" border='0' height='0' width='0'></img>On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain <em>write </em>access to otherwise <em>read-only </em>memory mappings to increase their privileges on the system.<br /> <br /> Cisco has released software updates that address this vulnerability. For information about affected and fixed software releases, consult the Cisco bug IDs in the Vulnerable Products table.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-5195 Wed, 07 Dec 2016 21:31:06 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20Internet%20Key%20Exchange%20Version%202%20Denial%20of%20Service%20Vulnerabilities&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. These vulnerabilities can only be triggered by sending malformed IKEv2 packets.<br /> <br /> There are no workarounds for the vulnerabilities described in this advisory. Cisco has released software updates that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. These vulnerabilities can only be triggered by sending malformed IKEv2 packets.<br /> <br /> There are no workarounds for the vulnerabilities described in this advisory. Cisco has released software updates that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-0642,CVE-2015-0643 Wed, 07 Dec 2016 17:03:49 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2 Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20AnyConnect%20Secure%20Mobility%20Client%20Local%20Privilege%20Escalation%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system <em>SYSTEM </em>account.<br /> <br /> The vulnerability is due to incorrect permissions on a system directory at installation. An attacker could exploit this vulnerability by creating a modified interprocess communication (IPC) to the VPN agent process. An exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the <em>SYSTEM </em>account.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system <em>SYSTEM </em>account.<br /> <br /> The vulnerability is due to incorrect permissions on a system directory at installation. An attacker could exploit this vulnerability by creating a modified interprocess communication (IPC) to the VPN agent process. An exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the <em>SYSTEM </em>account.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9192 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1 Cisco Identity Services Engine Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Identity Services Engine Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. <br /> <br /> The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker may be able to exploit this vulnerability by intercepting the user packets and injecting the malicious code.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Identity Services Engine Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. <br /> <br /> The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker may be able to exploit this vulnerability by intercepting the user packets and injecting the malicious code.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9214 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1 Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Active%20Directory%20Integration%20Component%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack.<br /> <br /> The vulnerability is due to improper handling of Password Authentication Protocol (PAP) authentication requests when ISE is configured with an authorization policy based on Active Directory group membership. An attacker could exploit this vulnerability by crafting a special but formally correct PAP authentication request that will trigger the issue. An exploit could allow the attacker to cause all subsequent authentication requests for the same Active Directory domain to fail.<br /> <br /> There are workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack.<br /> <br /> The vulnerability is due to improper handling of Password Authentication Protocol (PAP) authentication requests when ISE is configured with an authorization policy based on Active Directory group membership. An attacker could exploit this vulnerability by crafting a special but formally correct PAP authentication request that will trigger the issue. An exploit could allow the attacker to cause all subsequent authentication requests for the same Active Directory domain to fail.<br /> <br /> There are workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9198 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise Cisco IOS XR Software Default Credentials Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Default%20Credentials%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software Default Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the <em>root </em>user.<br /> <br /> The vulnerability is due to a user account that has a default and static password. An attacker could exploit this vulnerability by connecting to the affected system using this default account. An exploit could allow the attacker to log in with the default credentials, allowing the attacker to gain complete control of the underlying operating system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software Default Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the <em>root </em>user.<br /> <br /> The vulnerability is due to a user account that has a default and static password. An attacker could exploit this vulnerability by connecting to the affected system using this default account. An exploit could allow the attacker to log in with the default credentials, allowing the attacker to gain complete control of the underlying operating system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9215 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20Cisco%20IOS%20XE%20Software%20Zone-Based%20Firewall%20Feature%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration.<br /> <br /> The vulnerability is due to a logic flaw in a corner case scenario. An attacker could exploit this vulnerability by sending traffic that would have been dropped by the policy.<br /> <br /> In a Zone-Based Firewall setup, if only one zone pair is defined in the egress direction but there is no reverse zone pair defined in the opposite direction, return traffic should be dropped instead of allowed for traffic subject to the egress action of <em>pass</em>.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration.<br /> <br /> The vulnerability is due to a logic flaw in a corner case scenario. An attacker could exploit this vulnerability by sending traffic that would have been dropped by the policy.<br /> <br /> In a Zone-Based Firewall setup, if only one zone pair is defined in the egress direction but there is no reverse zone pair defined in the opposite direction, return traffic should be dropped instead of allowed for traffic subject to the egress action of <em>pass</em>.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9201 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20HTTP%202.0%20Request%20Handling%20Event%20Service%20Daemon%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (<em>emsd</em>) to crash, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper handling of HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system. An exploit could allow the attacker to cause the <em>emsd </em>to crash.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (<em>emsd</em>) to crash, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper handling of HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system. An exploit could allow the attacker to cause the <em>emsd </em>to crash.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9205 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20SSH%20X.509%20Authentication%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of X.509&nbsp;Version 3 for SSH authentication functionality in Cisco&nbsp;IOS and IOS&nbsp;XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system.<br /> <br /> The vulnerability is due to improper validation of X.509 signatures during the SSH authentication phase. An attacker could exploit this vulnerability by presenting an invalid X.509 signature to an affected system. A successful exploit could allow the attacker to impersonate an existing valid user over an SSH connection.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of X.509&nbsp;Version 3 for SSH authentication functionality in Cisco&nbsp;IOS and IOS&nbsp;XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system.<br /> <br /> The vulnerability is due to improper validation of X.509 signatures during the SSH authentication phase. An attacker could exploit this vulnerability by presenting an invalid X.509 signature to an affected system. A successful exploit could allow the attacker to impersonate an existing valid user over an SSH connection.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6474 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509 Cisco IOS Frame Forwarding Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Frame%20Forwarding%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Frame Forwarding Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco IOS on Catalysts Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm.<br /> <br /> The vulnerability occurs because the software forwards Layer 2 frames that should be consumed by the first hop. An attacker could exploit this vulnerability by injecting the Layer 2 frame into the network segment. An exploit could allow the attacker to cause a Layer 2 network storm and impact the availability of the switches.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Frame Forwarding Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco IOS on Catalysts Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm.<br /> <br /> The vulnerability occurs because the software forwards Layer 2 frames that should be consumed by the first hop. An attacker could exploit this vulnerability by injecting the Layer 2 frame into the network segment. An exploit could allow the attacker to cause a Layer 2 network storm and impact the availability of the switches.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6473 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios Cisco Intercloud Fabric Director Static Credentials Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Intercloud%20Fabric%20Director%20Static%20Credentials%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Intercloud Fabric Director Static Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.<br /> <br /> The vulnerability is due to static credentials for an internal account. An attacker could exploit this vulnerability by using the static credentials for that account to connect to internal services. Note that this is a restricted account that is used to communicate between instances of ICF, and it does not provide GUI or shell access.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Intercloud Fabric Director Static Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.<br /> <br /> The vulnerability is due to static credentials for an internal account. An attacker could exploit this vulnerability by using the static credentials for that account to connect to internal services. Note that this is a restricted account that is used to communicate between instances of ICF, and it does not provide GUI or shell access.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9204 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf Cisco Hybrid Media Service Privilege Escalation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Hybrid%20Media%20Service%20Privilege%20Escalation%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Hybrid Media Service Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the <em>root </em>level. <br /> <br /> The vulnerability is due to incorrect installation and permissions settings on binary files during the Hybrid Media Service installation procedure. An attacker could exploit this vulnerability by logging in to the device and elevating privileges. A successful exploit could allow the attacker to acquire <em>root</em>-level privileges and take full control of the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Hybrid Media Service Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the <em>root </em>level. <br /> <br /> The vulnerability is due to incorrect installation and permissions settings on binary files during the Hybrid Media Service installation procedure. An attacker could exploit this vulnerability by logging in to the device and elevating privileges. A successful exploit could allow the attacker to acquire <em>root</em>-level privileges and take full control of the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6470 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms Cisco FirePOWER Malware Protection Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FirePOWER%20Malware%20Protection%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FirePOWER Malware Protection Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked.<br /> <br /> The vulnerability is due to out-of-order TCP segments (retransmissions out of the current window, which have already been acknowledged) not being properly processed before being passed to HTTP inspection, which for GZIP compressed streams causes GZIP decompression to fail. This results in an incorrect SHA-256 hash being calculated and potential malware not being detected. An attacker could exploit this vulnerability by tricking a user into downloading a file containing malware via HTTP from a specifically prepared server. An exploit could allow the attacker to bypass the malware protection provided by the FirePOWER system software.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FirePOWER Malware Protection Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked.<br /> <br /> The vulnerability is due to out-of-order TCP segments (retransmissions out of the current window, which have already been acknowledged) not being properly processed before being passed to HTTP inspection, which for GZIP compressed streams causes GZIP decompression to fail. This results in an incorrect SHA-256 hash being calculated and potential malware not being detected. An attacker could exploit this vulnerability by tricking a user into downloading a file containing malware via HTTP from a specifically prepared server. An exploit could allow the attacker to bypass the malware protection provided by the FirePOWER system software.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9209 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Management%20Center%20and%20Cisco%20FireSIGHT%20System%20Software%20Malicious%20Software%20Detection%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.<br /> <br /> The vulnerability is due to the incorrect handling of duplicate downloads of malware files. An attacker could exploit this vulnerability by sending an attempt to download a file that contains malware to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.<br /> <br /> The vulnerability is due to the incorrect handling of duplicate downloads of malware files. An attacker could exploit this vulnerability by sending an attempt to download a file that contains malware to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9193 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FireAMP%20Connector%20Endpoint%20Software%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available.<br /> <br /> The vulnerability is due to lack of proper access controls when using systems utilities to troubleshoot certain system processes. An attacker could exploit this vulnerability by authenticating to the application and using the system utilities to stop certain FireAMP processes. An exploit could allow the attacker to stop certain FireAMP processes.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available.<br /> <br /> The vulnerability is due to lack of proper access controls when using systems utilities to troubleshoot certain system processes. An attacker could exploit this vulnerability by authenticating to the application and using the system utilities to stop certain FireAMP processes. An exploit could allow the attacker to stop certain FireAMP processes.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6449 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20SMTP%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin <a href="http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html">Understanding Cross-Site Scripting (XSS) Threat Vectors</a> and the OWASP reference page <a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)">Cross-site Scripting (XSS)</a>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin <a href="http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html">Understanding Cross-Site Scripting (XSS) Threat Vectors</a> and the OWASP reference page <a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)">Cross-site Scripting (XSS)</a>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9202 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1 Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Unified%20Reporting%20Upload%20Tool%20Directory%20Traversal%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system.<br /> <br /> The vulnerability is due to insufficient client-side validation checks. An attacker could exploit this vulnerability by submitting a malicious POST request to the affected system. An exploit could allow the attacker to implant arbitrary files onto the affected system.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system.<br /> <br /> The vulnerability is due to insufficient client-side validation checks. An attacker could exploit this vulnerability by submitting a malicious POST request to the affected system. An exploit could allow the attacker to implant arbitrary files onto the affected system.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9210 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Administration%20Page%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>ccmadmin </em>page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.<br /> <br /> The vulnerability is due to improper sanitization or encoding of user-supplied data by the <em>ccmadmin </em>page of an affected version of CUCM. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. An exploit could allow the attacker to conduct a reflected XSS attack.<br /> <br /> Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>ccmadmin </em>page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.<br /> <br /> The vulnerability is due to improper sanitization or encoding of user-supplied data by the <em>ccmadmin </em>page of an affected version of CUCM. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. An exploit could allow the attacker to conduct a reflected XSS attack.<br /> <br /> Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9206 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ONS%2015454%20Series%20Multiservice%20Provisioning%20Platforms%20TCP%20Port%20Management%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload.<br /> <br /> The vulnerability is due to a specific TCP port listening on the local management port when it should have been internal only. An attacker could exploit this vulnerability by sending a continuous stream of TCP traffic to the targeted device on the specific TCP port. An exploit could allow the attacker to cause the controller card to unexpectedly reset. The user traffic is not impacted; however, the management port traffic could be briefly disrupted.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload.<br /> <br /> The vulnerability is due to a specific TCP port listening on the local management port when it should have been internal only. An attacker could exploit this vulnerability by sending a continuous stream of TCP traffic to the targeted device on the specific TCP port. An exploit could allow the attacker to cause the controller card to unexpectedly reset. The user traffic is not impacted; however, the management port traffic could be briefly disrupted.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9211 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons Cisco Emergency Responder Directory Traversal Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Emergency%20Responder%20Directory%20Traversal%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Emergency Responder Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device.<br /> <br /> The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Emergency Responder Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device.<br /> <br /> The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9208 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1 Cisco Emergency Responder Cross-Site Request Forgery Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Emergency%20Responder%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Emergency Responder Cross-Site Request Forgery Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.<br /> <br /> The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.<br /> <br /> More information about CSRF is in <a href="http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28726">Understanding Cross-Site Request Forgery Threat Vectors</a>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Emergency Responder Cross-Site Request Forgery Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.<br /> <br /> The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.<br /> <br /> More information about CSRF is in <a href="http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28726">Understanding Cross-Site Request Forgery Threat Vectors</a>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6468 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOx%20Application-Hosting%20Framework%20Directory%20Traversal%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.<br /> <br /> The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework on a targeted system. A successful exploit could allow the attacker to read arbitrary files on the targeted system.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.<br /> <br /> The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework on a targeted system. A successful exploit could allow the attacker to read arbitrary files on the targeted system.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9199 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Security%20Appliances%20AsyncOS%20Software%20Update%20Server%20Certificate%20Validation%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.<br /> <br /> The vulnerability is due to a lack of certificate validation during the HTTPS connection toward the repository from which the update manifests are retrieved. An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking) and impersonating the update server.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.<br /> <br /> The vulnerability is due to a lack of certificate validation during the HTTPS connection toward the repository from which the update manifests are retrieved. An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking) and impersonating the update server.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1411 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%205000%20Series%20IKEv2%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the <em>ipsecmgr</em> process.<br /> <br /> The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation. An exploit could allow the attacker to cause a crash of the <em>ipsecmgr</em> process, which will restart on its own. Only the connection being negotiated will need to re-establish.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the <em>ipsecmgr</em> process.<br /> <br /> The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation. An exploit could allow the attacker to cause a crash of the <em>ipsecmgr</em> process, which will restart on its own. Only the connection being negotiated will need to re-establish.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9203 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1 Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%205000%20Series%20IPv6%20Packet%20Processing%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. <br /> <br /> The vulnerability is due to lack of proper input validation of the IPv6 fragment lengths. An attacker could exploit this vulnerability by sending a crafted IPv6 fragment chain to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition if the NPU process unexpectedly reloads. The DoS condition could temporarily impact user traffic.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. <br /> <br /> The vulnerability is due to lack of proper input validation of the IPv6 fragment lengths. An attacker could exploit this vulnerability by sending a crafted IPv6 fragment chain to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition if the NPU process unexpectedly reloads. The DoS condition could temporarily impact user traffic.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6467 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr