Cisco Security Advisory https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Cisco Security Advisory Cisco Systems, Inc. 15 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Network%20Time%20Protocol%20Daemon%20Affecting%20Cisco%20Products:%20April%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.<br /> <br /> On April 26, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details 11 issues regarding DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a system's time. Two of the vulnerabilities disclosed in the NTP security notice address issues that were previously disclosed without a complete fix.<br /> <br /> The new vulnerabilities disclosed in this document are as follows:<br /> <ul> <li>CVE-2016-1547: Network Time Protocol CRYPTO-NAK Denial of Service Vulnerability</li> <li>CVE-2016-1548: Network Time Protocol Interleave-Pivot Denial of Service Vulnerability</li> <li>CVE-2016-1549: Network Time Protocol Sybil Ephemeral Association Attack Vulnerability</li> <li>CVE-2016-1550: Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks</li> <li>CVE-2016-1551: Network Time Protocol Refclock Impersonation Vulnerability</li> <li>CVE-2016-2516: Network Time Protocol Duplicate IPs on Unconfig Directives Will Cause an Assertion Botch in ntpd</li> <li>CVE-2016-2517: Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated</li> <li>CVE-2016-2518: Network Time Protocol Crafted addpeer Causes Array Wraparound with MATCH_ASSOC</li> <li>CVE-2016-2519: Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked</li> </ul> The two vulnerabilities that were were previously disclosed without a complete fix are as follows:<br /> <ul> <li>CVE-2015-8138:&nbsp;Network Time Protocol Zero Origin Timestamp Bypass</li> <li>CVE-2015-7704:&nbsp;Network Time Protocol Packet Processing Denial of Service Vulnerability</li> </ul> Those vulnerabilities were disclosed by Cisco in the following Cisco Security Advisories:<br /> <ul> <li> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp">Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015</a></li> <li> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd">Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016</a></li> </ul> Additional details about each vulnerability are in the <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security">NTP Consortium Security Notice</a>.<br /> <br /> Cisco will release software updates that address these vulnerabilities.<br /> <br /> Workarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product.<br /> <br /> This advisory is available at the following link: <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd</a><br /> <br /> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.<br /> <br /> On April 26, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details 11 issues regarding DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a system's time. Two of the vulnerabilities disclosed in the NTP security notice address issues that were previously disclosed without a complete fix.<br /> <br /> The new vulnerabilities disclosed in this document are as follows:<br /> <ul> <li>CVE-2016-1547: Network Time Protocol CRYPTO-NAK Denial of Service Vulnerability</li> <li>CVE-2016-1548: Network Time Protocol Interleave-Pivot Denial of Service Vulnerability</li> <li>CVE-2016-1549: Network Time Protocol Sybil Ephemeral Association Attack Vulnerability</li> <li>CVE-2016-1550: Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks</li> <li>CVE-2016-1551: Network Time Protocol Refclock Impersonation Vulnerability</li> <li>CVE-2016-2516: Network Time Protocol Duplicate IPs on Unconfig Directives Will Cause an Assertion Botch in ntpd</li> <li>CVE-2016-2517: Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated</li> <li>CVE-2016-2518: Network Time Protocol Crafted addpeer Causes Array Wraparound with MATCH_ASSOC</li> <li>CVE-2016-2519: Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked</li> </ul> The two vulnerabilities that were were previously disclosed without a complete fix are as follows:<br /> <ul> <li>CVE-2015-8138:&nbsp;Network Time Protocol Zero Origin Timestamp Bypass</li> <li>CVE-2015-7704:&nbsp;Network Time Protocol Packet Processing Denial of Service Vulnerability</li> </ul> Those vulnerabilities were disclosed by Cisco in the following Cisco Security Advisories:<br /> <ul> <li> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp">Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015</a></li> <li> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd">Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016</a></li> </ul> Additional details about each vulnerability are in the <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security">NTP Consortium Security Notice</a>.<br /> <br /> Cisco will release software updates that address these vulnerabilities.<br /> <br /> Workarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product.<br /> <br /> This advisory is available at the following link: <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd</a><br /> <br /> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2015-7704,CVE-2015-8138,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519 Fri, 29 Apr 2016 13:24:46 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd Cisco Information Server XML Parser Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Information%20Server%20XML%20Parser%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Information Server XML Parser Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the default configuration of the XML parser component of Cisco&nbsp;Information Server&nbsp;(CIS) could allow an unauthenticated, remote attacker to access sensitive data or cause excessive consumption of system resources, which could cause a denial of service&nbsp;(DoS) condition on a targeted system.<br /> <br /> The vulnerability is due to improper handling of XML External Entities&nbsp;(XXE) by the affected software when the software parses XML files. An attacker could exploit this vulnerability by submitting a crafted XML header to the CIS web framework of an affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Information Server XML Parser Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the default configuration of the XML parser component of Cisco&nbsp;Information Server&nbsp;(CIS) could allow an unauthenticated, remote attacker to access sensitive data or cause excessive consumption of system resources, which could cause a denial of service&nbsp;(DoS) condition on a targeted system.<br /> <br /> The vulnerability is due to improper handling of XML External Entities&nbsp;(XXE) by the affected software when the software parses XML files. An attacker could exploit this vulnerability by submitting a crafted XML header to the CIS web framework of an affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1343 Thu, 28 Apr 2016 15:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Application%20Policy%20Infrastructure%20Controller%20Enterprise%20Module%20Unauthorized%20Access%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the application programming interface (API) of Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to create false system notifications for administrators.<br /> <br /> The vulnerability is due to insufficient protection of API functions. An attacker could exploit this vulnerability by sending modified <em>attribute-value</em> pairs back to the affected system. An exploit could allow the attacker to trick an administrative user into performing a malicious task on behalf of the attacker.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the application programming interface (API) of Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to create false system notifications for administrators.<br /> <br /> The vulnerability is due to insufficient protection of API functions. An attacker could exploit this vulnerability by sending modified <em>attribute-value</em> pairs back to the affected system. An exploit could allow the attacker to trick an administrative user into performing a malicious task on behalf of the attacker.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1386 Thu, 28 Apr 2016 00:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic Cisco WebEx Meetings Server Open Redirect Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meetings%20Server%20Open%20Redirect%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Open Redirect Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco WebEx Meetings Server (CWMS) web interface could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.<br /> <br /> The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. This vulnerability is known as an "Open Redirect Attack" and is used in phishing attacks to get users to visit malicious sites without their knowledge.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Open Redirect Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco WebEx Meetings Server (CWMS) web interface could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.<br /> <br /> The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. This vulnerability is known as an "Open Redirect Attack" and is used in phishing attacks to get users to visit malicious sites without their knowledge.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1389 Thu, 28 Apr 2016 00:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms Multiple Cisco Products libSRTP Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Cisco%20Products%20libSRTP%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Cisco Products libSRTP Denial of Service Vulnerability" border='0' height='0' width='0'></img>Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP) library (libSRTP), which addresses a denial of service (DoS) vulnerability. Multiple Cisco products incorporate a vulnerable version of the libSRTP library.<br /> <br /> The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device.<br /> <br /> The impact of this vulnerability on Cisco products may vary depending on the affected product. Details about the impact on each product are outlined in the "Conditions" section of each Cisco bug for this vulnerability. The bug IDs are listed at the top of this advisory and in the table in "Vulnerable Products."<br /> <br /> This advisory is available at the following link: <br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Cisco Products libSRTP Denial of Service Vulnerability" border='0' height='0' width='0'></img>Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP) library (libSRTP), which addresses a denial of service (DoS) vulnerability. Multiple Cisco products incorporate a vulnerable version of the libSRTP library.<br /> <br /> The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device.<br /> <br /> The impact of this vulnerability on Cisco products may vary depending on the affected product. Details about the impact on each product are outlined in the "Conditions" section of each Cisco bug for this vulnerability. The bug IDs are listed at the top of this advisory and in the table in "Vulnerable Products."<br /> <br /> This advisory is available at the following link: <br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-6360 Wed, 20 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Software%20DHCPv6%20Relay%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DHCPv6 relay feature of Cisco&nbsp;Adaptive Security Appliance&nbsp;(ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition.<br /> <br /> This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. Cisco&nbsp;ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. The vulnerability is triggered only by IPv6 traffic.<br /> <br /> This vulnerability affects Cisco&nbsp;ASA Software release 9.4.1 only.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DHCPv6 relay feature of Cisco&nbsp;Adaptive Security Appliance&nbsp;(ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition.<br /> <br /> This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. Cisco&nbsp;ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. The vulnerability is triggered only by IPv6 traffic.<br /> <br /> This vulnerability affects Cisco&nbsp;ASA Software release 9.4.1 only.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1367 Wed, 20 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6 Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20Management%20Interface%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco&nbsp;Wireless LAN Controller&nbsp;(WLC) devices running Cisco&nbsp;AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software. An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco&nbsp;Wireless LAN Controller&nbsp;(WLC) devices running Cisco&nbsp;AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software. An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1362 Wed, 20 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20HTTP%20Parsing%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP URL redirect feature of Cisco&nbsp;Wireless LAN Controller&nbsp;(WLC) Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to cause the device to reload, resulting in a DoS condition, or execute arbitrary code on the device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP URL redirect feature of Cisco&nbsp;Wireless LAN Controller&nbsp;(WLC) Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to cause the device to reload, resulting in a DoS condition, or execute arbitrary code on the device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2016-1363 Wed, 20 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd Cisco Wireless LAN Controller Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Bonjour task manager of Cisco&nbsp;Wireless LAN Controller&nbsp;(WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to improper handling of Bonjour traffic by the affected software. An attacker could exploit this vulnerability by sending crafted Bonjour traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless LAN Controller Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Bonjour task manager of Cisco&nbsp;Wireless LAN Controller&nbsp;(WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to improper handling of Bonjour traffic by the affected software. An attacker could exploit this vulnerability by sending crafted Bonjour traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1364 Wed, 20 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos Cisco IOS XR for Cisco ASR 9000 Series Aggregation Services Routers Interface Flap Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-asr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20for%20Cisco%20ASR%209000%20Series%20Aggregation%20Services%20Routers%20Interface%20Flap%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR for Cisco ASR 9000 Series Aggregation Services Routers Interface Flap Vulnerability" border='0' height='0' width='0'></img>A vulnerability in packet processing functions of Cisco IOS XR Software running on Cisco&nbsp;ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause cyclic redundancy check (CRC) and symbol errors on the receiving interface of an affected device, which may lead to an interface flap.<br /> <br /> The vulnerability is due to improper processing of packets that contain certain crafted bit patterns. An attacker could exploit this vulnerability by sending crafted packets to be processed by a line card of an affected device. A successful exploit could allow the attacker to cause CRC and symbol errors on the receiving interface of the device, which may lead to an interface flap.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-asr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR for Cisco ASR 9000 Series Aggregation Services Routers Interface Flap Vulnerability" border='0' height='0' width='0'></img>A vulnerability in packet processing functions of Cisco IOS XR Software running on Cisco&nbsp;ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause cyclic redundancy check (CRC) and symbol errors on the receiving interface of an affected device, which may lead to an interface flap.<br /> <br /> The vulnerability is due to improper processing of packets that contain certain crafted bit patterns. An attacker could exploit this vulnerability by sending crafted packets to be processed by a line card of an affected device. A successful exploit could allow the attacker to cause CRC and symbol errors on the receiving interface of the device, which may lead to an interface flap.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-asr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1376 Wed, 20 Apr 2016 15:13:59 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-asr Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20Cisco%20IOS%20XE%20ntp%20Subsystem%20Unauthorized%20Access%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>ntp </em>subsystem of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to mobilize <em>ntp </em>associations.<br /> <br /> The vulnerability is due to missing authorization checks on certain <em>ntp </em>packets. An attacker could exploit this vulnerability by ingressing malicious packets to the <em>ntp </em>daemon. An exploit could allow the attacker to control the time of the affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>ntp </em>subsystem of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to mobilize <em>ntp </em>associations.<br /> <br /> The vulnerability is due to missing authorization checks on certain <em>ntp </em>packets. An attacker could exploit this vulnerability by ingressing malicious packets to the <em>ntp </em>daemon. An exploit could allow the attacker to control the time of the affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1384 Tue, 19 Apr 2016 00:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Infrastructure%20and%20Evolved%20Programmable%20Network%20Manager%20Privilege%20Escalation%20API%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM)&nbsp;could allow an authenticated,&nbsp;remote attacker to gain elevated privileges.<br /> <br /> The vulnerability is due to improper role-based access control (RBAC) when an unexpected HTTP URL request is received that does not match an expected pattern filter. An&nbsp;attacker could exploit this vulnerability by sending a crafted HTTP request with a modified URL to bypass RBAC settings. An exploit could allow the attacker to gain elevated privileges for the application and gain unauthorized access to data.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds are not available.<br /> <br /> This advisory is available at the following link: <br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM)&nbsp;could allow an authenticated,&nbsp;remote attacker to gain elevated privileges.<br /> <br /> The vulnerability is due to improper role-based access control (RBAC) when an unexpected HTTP URL request is received that does not match an expected pattern filter. An&nbsp;attacker could exploit this vulnerability by sending a crafted HTTP request with a modified URL to bypass RBAC settings. An exploit could allow the attacker to gain elevated privileges for the application and gain unauthorized access to data.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds are not available.<br /> <br /> This advisory is available at the following link: <br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1290 Fri, 15 Apr 2016 20:14:59 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth Cisco Unified Computing System Platform Emulator Command Injection Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Computing%20System%20Platform%20Emulator%20Command%20Injection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Computing System Platform Emulator Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to perform a command injection attack.<br /> &nbsp;<br /> The vulnerability occurs because the affected system improperly handles <em>ucspe-copy</em> command-line arguments. An attacker could exploit this vulnerability by using crafted command arguments on the system. An exploit could allow the attacker to perform a command injection attack, which could allow the attacker to execute arbitrary commands on the system.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Computing System Platform Emulator Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to perform a command injection attack.<br /> &nbsp;<br /> The vulnerability occurs because the affected system improperly handles <em>ucspe-copy</em> command-line arguments. An attacker could exploit this vulnerability by using crafted command arguments on the system. An exploit could allow the attacker to perform a command injection attack, which could allow the attacker to execute arbitrary commands on the system.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1339 Thu, 14 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1 Cisco Unified Computing System Platform Emulator Filename Argument Handling Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Computing%20System%20Platform%20Emulator%20Filename%20Argument%20Handling%20Buffer%20Overflow%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Computing System Platform Emulator Filename Argument Handling Buffer Overflow Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to trigger a heap-based buffer overflow on a targeted system.<br /> <br /> The vulnerability occurs because the affected system improperly handles <em>libclimeta.so</em> filename arguments. An attacker could exploit this vulnerability by sending crafted filename arguments to the system. An exploit could allow the attacker to execute code on the system or cause a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Computing System Platform Emulator Filename Argument Handling Buffer Overflow Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to trigger a heap-based buffer overflow on a targeted system.<br /> <br /> The vulnerability occurs because the affected system improperly handles <em>libclimeta.so</em> filename arguments. An attacker could exploit this vulnerability by sending crafted filename arguments to the system. An exploit could allow the attacker to execute code on the system or cause a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1340 Thu, 14 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2 Cisco Catalyst Switches Network Mobility Services Protocol Port Information Disclosure Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Catalyst%20Switches%20Network%20Mobility%20Services%20Protocol%20Port%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Catalyst Switches Network Mobility Services Protocol Port Information Disclosure Vulnerability" border='0' height='0' width='0'></img>Cisco Catalyst Switches running Cisco IOS Software releases prior to 15.2(2)E1 may allow an unauthenticated, remote attacker to retrieve version information about the software release running on the device by accessing the Network Mobility Services Protocol (NMSP) port.<br /> <br /> The vulnerability is due to a failure to properly secure NMSP with authentication, which has been made standard in Cisco IOS Software releases 15.2(2)E1 and later. An attacker could exploit earlier software releases to map the network and gather information for further attacks.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Catalyst Switches Network Mobility Services Protocol Port Information Disclosure Vulnerability" border='0' height='0' width='0'></img>Cisco Catalyst Switches running Cisco IOS Software releases prior to 15.2(2)E1 may allow an unauthenticated, remote attacker to retrieve version information about the software release running on the device by accessing the Network Mobility Services Protocol (NMSP) port.<br /> <br /> The vulnerability is due to a failure to properly secure NMSP with authentication, which has been made standard in Cisco IOS Software releases 15.2(2)E1 and later. An attacker could exploit earlier software releases to map the network and gather information for further attacks.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1378 Wed, 13 Apr 2016 21:35:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Computing%20System%20Central%20Software%20Arbitrary%20Command%20Execution%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.<br /> <br /> The vulnerability is due to improper input validation by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.<br /> <br /> The vulnerability is due to improper input validation by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1352 Wed, 13 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs Cisco Unity Connection Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unity%20Connection%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unity Connection Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.<br /> <br /> The vulnerability is due to insufficient input validation of certain parameters passed via HTTP GET or POST methods. An attacker who can convince a user to follow an attacker-supplied link could cause arbitrary script or HTML code to be executed on the user's browser in the context of the affected site.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unity Connection Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.<br /> <br /> The vulnerability is due to insufficient input validation of certain parameters passed via HTTP GET or POST methods. An attacker who can convince a user to follow an attacker-supplied link could cause arbitrary script or HTML code to be executed on the user's browser in the context of the affected site.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1377 Tue, 12 Apr 2016 18:53:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20March%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016" border='0' height='0' width='0'></img>On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the <em>Decrypting RSA with Obsolete and Weakened eNcryption (DROWN)</em> attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities.<br /> <br /> DROWN is a cross-protocol attack that actively exploits weaknesses in SSL version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol.<br /> <br /> To execute a successful DROWN attack, the attacker must identify a server that supports both SSLv2 and TLS, and uses the same RSA key pair for both protocols. The attacker must also be able to collect TLS traffic for the server. <br /> <br /> This advisory will be updated as additional information becomes available. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016" border='0' height='0' width='0'></img>On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the <em>Decrypting RSA with Obsolete and Weakened eNcryption (DROWN)</em> attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities.<br /> <br /> DROWN is a cross-protocol attack that actively exploits weaknesses in SSL version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol.<br /> <br /> To execute a successful DROWN attack, the attacker must identify a server that supports both SSLv2 and TLS, and uses the same RSA key pair for both protocols. The attacker must also be able to collect TLS traffic for the server. <br /> <br /> This advisory will be updated as additional information becomes available. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-0702,CVE-2016-0703,CVE-2016-0704,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-2842,CVE-2016-2842 Mon, 11 Apr 2016 19:20:45 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IP%20Interoperability%20and%20Collaboration%20System%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework code of Cisco IP Interoperability and Collaboration System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.<br /> <br /> The vulnerability is due to insufficient XSS protections. An attacker could exploit this vulnerability by persuading a user of an affected system to follow a malicious link.<br /> <br /> Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework code of Cisco IP Interoperability and Collaboration System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.<br /> <br /> The vulnerability is due to insufficient XSS protections. An attacker could exploit this vulnerability by persuading a user of an affected system to follow a malicious link.<br /> <br /> Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1375 Thu, 07 Apr 2016 14:30:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic Vulnerability in GNU glibc Affecting Cisco Products: February 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Vulnerability%20in%20GNU%20glibc%20Affecting%20Cisco%20Products:%20February%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Vulnerability in GNU glibc Affecting Cisco Products: February 2016" border='0' height='0' width='0'></img>On February 16, 2016, an industry-wide, critical vulnerability in the GNU C library (<em>glibc</em>) was publicly disclosed.<br /> <br /> Multiple Cisco products incorporate a version of <em>glibc </em>that may be&nbsp;affected by the vulnerability. The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer overflow condition that may result in a denial of service (DoS) condition or allow the attacker to execute arbitrary code on an affected device.<br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release software updates that address this vulnerability.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Vulnerability in GNU glibc Affecting Cisco Products: February 2016" border='0' height='0' width='0'></img>On February 16, 2016, an industry-wide, critical vulnerability in the GNU C library (<em>glibc</em>) was publicly disclosed.<br /> <br /> Multiple Cisco products incorporate a version of <em>glibc </em>that may be&nbsp;affected by the vulnerability. The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer overflow condition that may result in a denial of service (DoS) condition or allow the attacker to execute arbitrary code on an affected device.<br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release software updates that address this vulnerability.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-7547 Wed, 06 Apr 2016 20:45:52 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20SCP%20and%20SFTP%20Modules%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper setting of permissions on the filesystem&nbsp;for certain paths that include system files. An attacker could exploit this vulnerability by using either the SCP or SFTP client to overwrite system files on the affected device. An exploit could allow the attacker to overwrite system files and cause a DoS condition.<br /> <br /> Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper setting of permissions on the filesystem&nbsp;for certain paths that include system files. An attacker could exploit this vulnerability by using either the SCP or SFTP client to overwrite system files on the affected device. An exploit could allow the attacker to overwrite system files and cause a DoS condition.<br /> <br /> Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1366 Wed, 06 Apr 2016 18:56:23 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20TelePresence%20Server%20Crafted%20IPv6%20Packet%20Handling%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.2(4.18) could allow an unauthenticated, remote attacker to cause a kernel panic on the device.<br /> <br /> The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A successful exploit could allow an attacker to cause a kernel panic, rebooting the device.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.2(4.18) could allow an unauthenticated, remote attacker to cause a kernel panic on the device.<br /> <br /> The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A successful exploit could allow an attacker to cause a kernel panic, rebooting the device.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1346 Wed, 06 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts Cisco UCS Invicta Default SSH Key Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Invicta%20Default%20SSH%20Key%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Invicta Default SSH Key Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of intra-process communication for Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the <em>root</em> user. <br /> <br /> The vulnerability is due to the presence of a default SSH private key that is stored in an insecure way on the system. An attacker could exploit this vulnerability by obtaining the SSH private key and connecting using the <em>root</em> account to the system without providing a password. An exploit could allow the attacker to gain access to the system with the privileges of the <em>root</em> user.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Invicta Default SSH Key Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of intra-process communication for Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the <em>root</em> user. <br /> <br /> The vulnerability is due to the presence of a default SSH private key that is stored in an insecure way on the system. An attacker could exploit this vulnerability by obtaining the SSH private key and connecting using the <em>root</em> account to the system without providing a password. An exploit could allow the attacker to gain access to the system with the privileges of the <em>root</em> user.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2016-1313 Wed, 06 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Infrastructure%20and%20Evolved%20Programmable%20Network%20Manager%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.<br /> <br /> The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending an HTTP POST with crafted deserialized user data. An exploit could allow the attacker to execute arbitrary code with <em>root</em>-level privileges on the affected system, which could be used to conduct further attacks.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds are not available.<br /> <br /> This advisory is available at the following link: <br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode</a><br /> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.<br /> <br /> The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending an HTTP POST with crafted deserialized user data. An exploit could allow the attacker to execute arbitrary code with <em>root</em>-level privileges on the affected system, which could be used to conduct further attacks.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds are not available.<br /> <br /> This advisory is available at the following link: <br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode</a><br /> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2016-1291 Wed, 06 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20TelePresence%20Server%20Malformed%20STUN%20Packet%20Processing%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device.<br /> <br /> The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability by submitting malformed STUN packets to the device. If successful, the attacker could force the device to reload and drop all calls in the process.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device.<br /> <br /> The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability by submitting malformed STUN packets to the device. If successful, the attacker could force the device to reload and drop all calls in the process.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-6312 Wed, 06 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2 Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20TelePresence%20Server%20Crafted%20URL%20Handling%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco TelePresence Server devices running software versions 4.1(2.29) through 4.2(4.17) could allow an unauthenticated, remote attacker to cause the device to reload.<br /> &nbsp;<br /> The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by sending multiple URL requests to an affected device. The requests will eventually time out because negotiation from the client does not occur; however, each request consumes additional memory, resulting in memory exhaustion that causes the device to crash. If successful, the attacker could utilize all available memory resources, causing the device to reload.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco TelePresence Server devices running software versions 4.1(2.29) through 4.2(4.17) could allow an unauthenticated, remote attacker to cause the device to reload.<br /> &nbsp;<br /> The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by sending multiple URL requests to an affected device. The requests will eventually time out because negotiation from the client does not occur; however, each request consumes additional memory, resulting in memory exhaustion that causes the device to crash. If successful, the attacker could utilize all available memory resources, causing the device to reload.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-6313 Wed, 06 Apr 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1 Cisco Videoscape Distribution Suite for Internet Streaming TCP Session Handling Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Videoscape%20Distribution%20Suite%20for%20Internet%20Streaming%20TCP%20Session%20Handling%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Videoscape Distribution Suite for Internet Streaming TCP Session Handling Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP connection handling when TCP sessions are terminated via a TCP FIN packet for the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper TCP session management when a TCP session is in TCP FIN waiting state. The device could fail to respond properly to a new TCP SYN packet to start a new TCP connection. An attacker could exploit this vulnerability by sending TCP traffic streams that could terminate the connection with a TCP FIN. An exploit could allow the attacker to cause a partial DoS condition. When a TCP session is in a TCP FIN waiting state, it is possible that new incoming TCP SYN packets will be dropped silently.<br /> <br /> Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Videoscape Distribution Suite for Internet Streaming TCP Session Handling Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP connection handling when TCP sessions are terminated via a TCP FIN packet for the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper TCP session management when a TCP session is in TCP FIN waiting state. The device could fail to respond properly to a new TCP SYN packet to start a new TCP connection. An attacker could exploit this vulnerability by sending TCP traffic streams that could terminate the connection with a TCP FIN. An exploit could allow the attacker to cause a partial DoS condition. When a TCP session is in a TCP FIN waiting state, it is possible that new incoming TCP SYN packets will be dropped silently.<br /> <br /> Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1353 Mon, 04 Apr 2016 17:56:38 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Domain%20Manager%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to execute a cross-site scripting (XSS) attack.<br /> &nbsp;<br /> The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by convincing a user to access a malicious link. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to execute a cross-site scripting (XSS) attack.<br /> &nbsp;<br /> The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by convincing a user to access a malicious link. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1314 Mon, 04 Apr 2016 12:52:35 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm Cisco Firepower Malware Block Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Malware%20Block%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Malware Block Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.<br /> <br /> The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Malware Block Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.<br /> <br /> The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1345 Wed, 30 Mar 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20(January%202016)%20Affecting%20Cisco%20Products&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products" border='0' height='0' width='0'></img>On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities.<br /> <br /> Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to&nbsp;conduct man-in-the-middle attacks on an SSL/TLS connection.<br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release software updates that address these vulnerabilities.<br /> <br /> Workarounds that address these vulnerabilities are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products" border='0' height='0' width='0'></img>On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities.<br /> <br /> Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to&nbsp;conduct man-in-the-middle attacks on an SSL/TLS connection.<br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release software updates that address these vulnerabilities.<br /> <br /> Workarounds that address these vulnerabilities are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-3197,CVE-2016-0701 Thu, 24 Mar 2016 12:52:08 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Internet%20Key%20Exchange%20Version%202%20Fragmentation%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. <br /> <br /> The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.<br /> <br /> Cisco has released software updates that address this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>.<br /> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. <br /> <br /> The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system.<br /> <br /> <strong>Note:</strong> Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.<br /> <br /> Cisco has released software updates that address this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>.<br /> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1344 Wed, 23 Mar 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2 Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20and%20Cisco%20Unified%20Communications%20Manager%20Software%20Session%20Initiation%20Protocol%20Memory%20Leak%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Initiation Protocol (SIP) gateway implementation in Cisco IOS, IOS XE, and Cisco Unified Communications Manager Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device.<br /> <br /> The vulnerability is due to improper processing of malformed SIP messages. An attacker could exploit this vulnerability by sending malformed SIP messages to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of the affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling SIP on the vulnerable device.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tvce.cisco.com/security/AIMS/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>.<br /> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Initiation Protocol (SIP) gateway implementation in Cisco IOS, IOS XE, and Cisco Unified Communications Manager Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device.<br /> <br /> The vulnerability is due to improper processing of malformed SIP messages. An attacker could exploit this vulnerability by sending malformed SIP messages to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of the affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling SIP on the vulnerable device.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tvce.cisco.com/security/AIMS/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>.<br /> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1350 Wed, 23 Mar 2016 18:30:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20NX-OS%20Software%20Locator/ID%20Separation%20Protocol%20Packet%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Locator/ID Separation Protocol (LISP) of Cisco IOS Software running on the Cisco&nbsp;Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series&nbsp;Gigabit Ethernet Module&nbsp;could allow an unauthenticated, remote attacker to cause a reload of the vulnerable device.<br /> <br /> The vulnerability is due to a lack of proper input validation when a malformed LISP packet header is received.&nbsp;An attacker could exploit this vulnerability by sending a malformed LISP packet on UDP port 4341.&nbsp;An exploit could allow the attacker to cause a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <br /> &nbsp;<a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>. <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Locator/ID Separation Protocol (LISP) of Cisco IOS Software running on the Cisco&nbsp;Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series&nbsp;Gigabit Ethernet Module&nbsp;could allow an unauthenticated, remote attacker to cause a reload of the vulnerable device.<br /> <br /> The vulnerability is due to a lack of proper input validation when a malformed LISP packet header is received.&nbsp;An attacker could exploit this vulnerability by sending a malformed LISP packet on UDP port 4341.&nbsp;An exploit could allow the attacker to cause a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <br /> &nbsp;<a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>. <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1351 Wed, 23 Mar 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20DHCPv6%20Relay%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DHCP version 6 (DHCPv6) relay feature of Cisco&nbsp;IOS and IOS&nbsp;XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> The vulnerability is due to insufficient validation of DHCPv6 relay messages. An attacker could exploit this vulnerability by sending a crafted DHCPv6 relay message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>. <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DHCP version 6 (DHCPv6) relay feature of Cisco&nbsp;IOS and IOS&nbsp;XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> The vulnerability is due to insufficient validation of DHCPv6 relay messages. An attacker could exploit this vulnerability by sending a crafted DHCPv6 relay message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>. <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1348 Wed, 23 Mar 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6 Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Smart%20Install%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability" border='0' height='0' width='0'></img>The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the vulnerable device.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>.<br /> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability" border='0' height='0' width='0'></img>The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the vulnerable device.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>.<br /> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1349 Wed, 23 Mar 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Wide%20Area%20Application%20Services%20Express%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Wide Area Application Services&nbsp;(WAAS) Express feature of Cisco&nbsp;IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> The vulnerability is due to insufficient validation of TCP segments. An attacker could exploit this vulnerability by routing a crafted TCP segment through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a denial of service (DoS) condition.<br /> <br /> To exploit this vulnerability, the attacker needs to route a crafted TCP segment through an egress interface of a device because the vulnerable function is an output feature of the software. In addition, the WAAS Express feature must be enabled on the interface, typically a WAN interface. In most deployments, this means crafted traffic must be initiated from within a device to exploit the vulnerability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>. <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Wide Area Application Services&nbsp;(WAAS) Express feature of Cisco&nbsp;IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> The vulnerability is due to insufficient validation of TCP segments. An attacker could exploit this vulnerability by routing a crafted TCP segment through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a denial of service (DoS) condition.<br /> <br /> To exploit this vulnerability, the attacker needs to route a crafted TCP segment through an egress interface of a device because the vulnerable function is an output feature of the software. In addition, the WAAS Express feature must be enabled on the interface, typically a WAN interface. In most deployments, this means crafted traffic must be initiated from within a device to exploit the vulnerability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f</a><br /> <br /> This advisory is part of the March 23, 2016, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see <a href="http://www.cisco.com/c/en/us/about/security-center/event-response/cisco-erp-march-2016.html">Cisco Event Response: Semiannual Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication</a>. <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1347 Wed, 23 Mar 2016 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f Cisco Prime Infrastructure XML External Entity Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Infrastructure%20XML%20External%20Entity%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure XML External Entity Denial of Service Vulnerability " border='0' height='0' width='0'></img>A vulnerability in the web-based user interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to have read access to confidential information stored in the affected system. In addition, the attacker could cause a partial denial of service (DoS) condition due to manipulation of system resources.<br /> <br /> The vulnerability is due to improper handling of XML External Entity (XXE) when parsing an XML file. An attacker could exploit this vulnerability by convincing the authenticated administrator of the affected system to import a crafted XML file. An exploit could allow the attacker to view confidential files or cause a DoS condition.<br /> <br /> Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Infrastructure XML External Entity Denial of Service Vulnerability " border='0' height='0' width='0'></img>A vulnerability in the web-based user interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to have read access to confidential information stored in the affected system. In addition, the attacker could cause a partial denial of service (DoS) condition due to manipulation of system resources.<br /> <br /> The vulnerability is due to improper handling of XML External Entity (XXE) when parsing an XML file. An attacker could exploit this vulnerability by convincing the authenticated administrator of the affected system to import a crafted XML file. An exploit could allow the attacker to view confidential files or cause a DoS condition.<br /> <br /> Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1358 Tue, 22 Mar 2016 20:20:58 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Gigabit%20Switch%20Router%2012000%20Series%20Routers%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the ASIC UDP ingress receive function of Cisco Gigabit Switch Router (GSR) 12000 Series Routers could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when one line card in the router unexpectedly restarts.<br /> <br /> The vulnerability is due to improper input validation for the presence of a Bidirectional Forwarding Detection (BFD) header on the UDP packet. An attacker could exploit this vulnerability by sending a crafted UDP packet with a specific UDP port range to the affected device. An exploit could allow the attacker to cause a partial denial of service condition when a line card unexpectedly restarts.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the ASIC UDP ingress receive function of Cisco Gigabit Switch Router (GSR) 12000 Series Routers could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when one line card in the router unexpectedly restarts.<br /> <br /> The vulnerability is due to improper input validation for the presence of a Bidirectional Forwarding Detection (BFD) header on the UDP packet. An attacker could exploit this vulnerability by sending a crafted UDP packet with a specific UDP port range to the affected device. An exploit could allow the attacker to cause a partial denial of service condition when a line card unexpectedly restarts.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1361 Fri, 11 Mar 2016 14:49:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr Cisco Prime LAN Management Solution Default Decryption Key Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20LAN%20Management%20Solution%20Default%20Decryption%20Key%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime LAN Management Solution Default Decryption Key Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Prime LAN Management Solution (LMS) could allow an authenticated, local attacker to decrypt and access data fields in LMS databases that are used to manage devices in Cisco networks.<br /> <br /> The vulnerability is due to the presence of a default database decryption key that is shared across installations of Cisco Prime LMS. An authenticated, local attacker who has both local connectivity to the console and a valid account on the operating system of a device on which LMS is installed could exploit this vulnerability by obtaining the default, hard-coded key from the device file system. The attacker could use the key to connect to and decrypt all the data in the LMS database that is used to managed devices in the network, and access all the fields in the database. After obtaining the key, the attacker can use the key to access the database locally or via a remote connection to LMS.<br /> <br /> Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime LAN Management Solution Default Decryption Key Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Prime LAN Management Solution (LMS) could allow an authenticated, local attacker to decrypt and access data fields in LMS databases that are used to manage devices in Cisco networks.<br /> <br /> The vulnerability is due to the presence of a default database decryption key that is shared across installations of Cisco Prime LMS. An authenticated, local attacker who has both local connectivity to the console and a valid account on the operating system of a device on which LMS is installed could exploit this vulnerability by obtaining the default, hard-coded key from the device file system. The attacker could use the key to connect to and decrypt all the data in the LMS database that is used to managed devices in the network, and access all the fields in the database. After obtaining the key, the attacker can use the key to access the database locally or via a remote connection to LMS.<br /> <br /> Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1360 Thu, 10 Mar 2016 08:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20Residential%20Gateway%20with%20EDVA%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and restart, creating a denial of service (DoS) condition.<br /> &nbsp;<br /> The vulnerability is due to improper handling, processing, and termination of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to management-enabled interfaces of an affected system.<br /> <br /> Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and restart, creating a denial of service (DoS) condition.<br /> &nbsp;<br /> The vulnerability is due to improper handling, processing, and termination of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to management-enabled interfaces of an affected system.<br /> <br /> Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1326 Wed, 09 Mar 2016 16:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos Cisco Wireless Residential Gateway Information Disclosure Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20Residential%20Gateway%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless Residential Gateway Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device.&nbsp; <br /> <br /> The vulnerability is caused by improper access restrictions implemented on the affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.<br /> <br /> <span class="more">Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.</span><br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Wireless Residential Gateway Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device.&nbsp; <br /> <br /> The vulnerability is caused by improper access restrictions implemented on the affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.<br /> <br /> <span class="more">Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.</span><br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1325 Wed, 09 Mar 2016 16:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASA%20Content%20Security%20and%20Control%20Security%20Services%20Module%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. <br /> <br /> The vulnerability is due to improper handling of HTTPS packets transiting through the affected system. An attacker could exploit this vulnerability by sending HTTPS packets through the affected system at high rate.&nbsp;<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. <br /> <br /> The vulnerability is due to improper handling of HTTPS packets transiting through the affected system. An attacker could exploit this vulnerability by sending HTTPS packets through the affected system at high rate.&nbsp;<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1312 Wed, 09 Mar 2016 16:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Cable%20Modem%20with%20Digital%20Voice%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.<br /> <br /> The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.<br /> <br /> Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.<br /> <br /> The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.<br /> <br /> Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1327 Wed, 09 Mar 2016 16:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre Cisco TelePresence Video Communication Server Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20TelePresence%20Video%20Communication%20Server%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco TelePresence Video Communication Server Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Initiation Protocol (SIP) message handling process of Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to incorrect processing of specific incoming SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP message to an affected device. A successful exploit could allow the attacker to cause the device to stop processing VoIP calls.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco TelePresence Video Communication Server Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Initiation Protocol (SIP) message handling process of Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to incorrect processing of specific incoming SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP message to an affected device. A successful exploit could allow the attacker to cause the device to stop processing VoIP calls.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1338 Wed, 09 Mar 2016 14:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Nexus%203000%20Series%20and%203500%20Platform%20Switches%20Insecure%20Default%20Credentials%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the <em>root </em>user with bash shell access.<br /> &nbsp;<br /> The vulnerability is due to a user account that has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by connecting to the affected system using this default account. The account can be used to authenticate remotely to the device via Telnet (or SSH on a specific release) and locally on the serial console.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are available.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the <em>root </em>user with bash shell access.<br /> &nbsp;<br /> The vulnerability is due to a user account that has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by connecting to the affected system using this default account. The account can be used to authenticate remotely to the device via Telnet (or SSH on a specific release) and locally on the serial console.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are available.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2016-1329 Tue, 08 Mar 2016 17:55:21 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Network%20Time%20Protocol%20Daemon%20Affecting%20Cisco%20Products:%20January%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.<br /> <br /> On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in this document are as follows:<br /> <ul> <li>CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability </li> <li>CVE-2015-7974: Network Time Protocol Missing Trusted Key Check</li> <li>CVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check</li> <li>CVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames</li> <li>CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of Service Vulnerability</li> <li>CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service</li> <li>CVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service </li> <li>CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass</li> <li>CVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp</li> <li>CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack</li> <li>CVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop</li> </ul> Additional details on each of the vulnerabilities are in the official security advisory from the NTP Consortium at Network Time Foundation at the following link: <a href="http://nwtime.org/security-policy/">Security Notice</a><br /> <br /> Cisco has released software updates that address these vulnerabilities.<br /> <br /> Workarounds that address some of these vulnerabilities may be available. Available workarounds will be documented in the corresponding Cisco bug for each affected product.&nbsp;<br /> <br /> This advisory is available at the following link:<br /> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd <br /> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.<br /> <br /> On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in this document are as follows:<br /> <ul> <li>CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability </li> <li>CVE-2015-7974: Network Time Protocol Missing Trusted Key Check</li> <li>CVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check</li> <li>CVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames</li> <li>CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of Service Vulnerability</li> <li>CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service</li> <li>CVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service </li> <li>CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass</li> <li>CVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp</li> <li>CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack</li> <li>CVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop</li> </ul> Additional details on each of the vulnerabilities are in the official security advisory from the NTP Consortium at Network Time Foundation at the following link: <a href="http://nwtime.org/security-policy/">Security Notice</a><br /> <br /> Cisco has released software updates that address these vulnerabilities.<br /> <br /> Workarounds that address some of these vulnerabilities may be available. Available workarounds will be documented in the corresponding Cisco bug for each affected product.&nbsp;<br /> <br /> This advisory is available at the following link:<br /> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd <br /> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158 Mon, 07 Mar 2016 14:02:40 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20TCP%20Netstack%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a <em>TIME_WAIT </em>state. An attacker could exploit this vulnerability by sending a specific TCP packet to an affected device on a TCP session that is already in a <em>TIME_WAIT </em>state. An exploit could allow the attacker to cause a reload of the TCP stack on the affected device, resulting in a DoS condition.<br /> <br /> This vulnerability can be exploited using either IPv4 or IPv6 packets. The vulnerability can be triggered by a crafted sequence of TCP packets destined for TCP ports listening on the device. The packets may use the IPv4 or IPv6 unicast address of any interface configured on the device.<br /> <br /> This vulnerability can be triggered only by traffic destined to an affected device and cannot be exploited using traffic that transits an affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a <em>TIME_WAIT </em>state. An attacker could exploit this vulnerability by sending a specific TCP packet to an affected device on a TCP session that is already in a <em>TIME_WAIT </em>state. An exploit could allow the attacker to cause a reload of the TCP stack on the affected device, resulting in a DoS condition.<br /> <br /> This vulnerability can be exploited using either IPv4 or IPv6 packets. The vulnerability can be triggered by a crafted sequence of TCP packets destined for TCP ports listening on the device. The packets may use the IPv4 or IPv6 unicast address of any interface configured on the device.<br /> <br /> This vulnerability can be triggered only by traffic destined to an affected device and cannot be exploited using traffic that transits an affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-0718 Thu, 03 Mar 2016 14:43:52 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20SNMP%20Packet%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco&nbsp;Nexus 5500 Platform Switches, Cisco&nbsp;Nexus 5600 Platform Switches, and Cisco&nbsp;Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly.<br /> <br /> The vulnerability is due to improper validation of SNMP Protocol Data Units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device, which could cause the SNMP application on the device to restart. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.<br /> <br /> Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco&nbsp;Nexus 5500 Platform Switches, Cisco&nbsp;Nexus 5600 Platform Switches, and Cisco&nbsp;Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly.<br /> <br /> The vulnerability is due to improper validation of SNMP Protocol Data Units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device, which could cause the SNMP application on the device to restart. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.<br /> <br /> Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-6260 Wed, 02 Mar 2016 16:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Web%20Security%20Appliance%20HTTPS%20Packet%20Processing%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web proxy framework of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker with the ability to negotiate a secure connection from within the trusted network to cause a denial of service (DoS) condition on the affected device.<br /> &nbsp;<br /> The vulnerability is due to incorrect processing of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS request packet through the affected device. A successful exploit could allow an attacker to create a DoS condition, causing all requests traversing the WSA to be dropped. The condition is temporary and no manual intervention is required to restore functionality.<br /><br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web proxy framework of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker with the ability to negotiate a secure connection from within the trusted network to cause a denial of service (DoS) condition on the affected device.<br /> &nbsp;<br /> The vulnerability is due to incorrect processing of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS request packet through the affected device. A successful exploit could allow an attacker to create a DoS condition, causing all requests traversing the WSA to be dropped. The condition is temporary and no manual intervention is required to restore functionality.<br /><br /> Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-1288 Wed, 02 Mar 2016 16:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa Cisco Policy Suite Confidential Information Disclosure Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-psc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Policy%20Suite%20Confidential%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Policy Suite Confidential Information Disclosure Vulnerability " border='0' height='0' width='0'></img>A vulnerability in password management administration of the Cisco Policy Suite (CPS) application could allow an unauthenticated, remote attacker to gain read-only access to information that is confidential and should have restricted access.<br /> <br /> The vulnerability is due to the lack of a proper role-based access control (RBAC) implementation. An attacker could exploit this vulnerability by remotely connecting to an affected Cisco CPS system. An exploit could allow the attacker to gain read-only access to information that should have restricted access.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-psc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-psc</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Policy Suite Confidential Information Disclosure Vulnerability " border='0' height='0' width='0'></img>A vulnerability in password management administration of the Cisco Policy Suite (CPS) application could allow an unauthenticated, remote attacker to gain read-only access to information that is confidential and should have restricted access.<br /> <br /> The vulnerability is due to the lack of a proper role-based access control (RBAC) implementation. An attacker could exploit this vulnerability by remotely connecting to an affected Cisco CPS system. An exploit could allow the attacker to gain read-only access to information that should have restricted access.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-psc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-psc</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1357 Wed, 02 Mar 2016 15:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-psc