Cisco Security Advisory https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Cisco Security Advisory Cisco Systems, Inc. 15 Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20IPv6%20First%20Hop%20Security%20Denial%20of%20Service%20Vulnerabilities&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 23, 2015, release of the Cisco IOS and IOS XE Software Security Advisory bundled publication includes three Cisco Security Advisories. All the advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html</a></p> </span> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 23, 2015, release of the Cisco IOS and IOS XE Software Security Advisory bundled publication includes three Cisco Security Advisories. All the advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html</a></p> </span> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-6278,CVE-2015-6279 Thu, 08 Dec 2016 15:19:38 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs Cisco Email Security Appliance Content Filter Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20Content%20Filter%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance Content Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.<br /> <br /> The vulnerability is due to improper filtering of certain TAR format files that are attached to email messages. An attacker could exploit this vulnerability by sending an email message that has a crafted TAR file attachment through an affected device. A successful exploit could allow the attacker to bypass user filters that are configured for the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance Content Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.<br /> <br /> The vulnerability is due to improper filtering of certain TAR format files that are attached to email messages. An attacker could exploit this vulnerability by sending an email message that has a crafted TAR file attachment through an affected device. A successful exploit could allow the attacker to bypass user filters that are configured for the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6465 Wed, 07 Dec 2016 23:32:28 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa Vulnerability in Linux Kernel Affecting Cisco Products: October 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Vulnerability%20in%20Linux%20Kernel%20Affecting%20Cisco%20Products:%20October%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Vulnerability in Linux Kernel Affecting Cisco Products: October 2016" border='0' height='0' width='0'></img>On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain <em>write </em>access to otherwise <em>read-only </em>memory mappings to increase their privileges on the system.<br /> <br /> Cisco has released software updates that address this vulnerability. For information about affected and fixed software releases, consult the Cisco bug IDs in the Vulnerable Products table.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Vulnerability in Linux Kernel Affecting Cisco Products: October 2016" border='0' height='0' width='0'></img>On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain <em>write </em>access to otherwise <em>read-only </em>memory mappings to increase their privileges on the system.<br /> <br /> Cisco has released software updates that address this vulnerability. For information about affected and fixed software releases, consult the Cisco bug IDs in the Vulnerable Products table.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-5195 Wed, 07 Dec 2016 21:31:06 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20Internet%20Key%20Exchange%20Version%202%20Denial%20of%20Service%20Vulnerabilities&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. These vulnerabilities can only be triggered by sending malformed IKEv2 packets.<br /> <br /> There are no workarounds for the vulnerabilities described in this advisory. Cisco has released software updates that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. These vulnerabilities can only be triggered by sending malformed IKEv2 packets.<br /> <br /> There are no workarounds for the vulnerabilities described in this advisory. Cisco has released software updates that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> <br/>Security Impact Rating: High <br/>CVE: CVE-2015-0642,CVE-2015-0643 Wed, 07 Dec 2016 17:03:49 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2 Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20AnyConnect%20Secure%20Mobility%20Client%20Local%20Privilege%20Escalation%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system <em>SYSTEM </em>account.<br /> <br /> The vulnerability is due to incorrect permissions on a system directory at installation. An attacker could exploit this vulnerability by creating a modified interprocess communication (IPC) to the VPN agent process. An exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the <em>SYSTEM </em>account.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system <em>SYSTEM </em>account.<br /> <br /> The vulnerability is due to incorrect permissions on a system directory at installation. An attacker could exploit this vulnerability by creating a modified interprocess communication (IPC) to the VPN agent process. An exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the <em>SYSTEM </em>account.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9192 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1 Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Web%20Security%20Appliance%20Drop%20Decrypt%20Policy%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>Decrypt for End-User Notification</em> configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website.<br /> <br /> The vulnerability is due to incomplete input validation of HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to connect to a website that should be blocked.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>Decrypt for End-User Notification</em> configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website.<br /> <br /> The vulnerability is due to incomplete input validation of HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to connect to a website that should be blocked.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9212 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1 Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Web%20Security%20Appliance%20HTTP%20URL%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting.<br /> <br /> The vulnerability is due to improper input validation of the HTTP URL string. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition due to the proxy process restarting.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting.<br /> <br /> The vulnerability is due to improper input validation of the HTTP URL string. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition due to the proxy process restarting.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6469 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa Cisco Firepower Management Center Information Disclosure Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Management%20Center%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Management Center Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password.<br /> <br /> The vulnerability is due to improper masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration screens. An exploit could allow the attacker to view the Remote Storage Password. The attacker could use the Remote Storage Password to conduct additional reconnaissance attacks<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Management Center Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password.<br /> <br /> The vulnerability is due to improper masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration screens. An exploit could allow the attacker to view the Remote Storage Password. The attacker could use the Remote Storage Password to conduct additional reconnaissance attacks<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6471 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20IM%20and%20Presence%20Service%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted.<br /> <br /> The vulnerability is due to a lack of proper input validation performed on the HTTP packet header. An attacker could exploit this vulnerability by sending a crafted packet to the targeted device. An exploit could allow the attacker to view web pages that should have been restricted.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted.<br /> <br /> The vulnerability is due to a lack of proper input validation performed on the HTTP packet header. An attacker could exploit this vulnerability by sending a crafted packet to the targeted device. An exploit could allow the attacker to view web pages that should have been restricted.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6464 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Collaboration%20Assurance%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. <br /> <br /> The vulnerability is due to insufficient input validation of some parameters that are passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. <br /> <br /> The vulnerability is due to insufficient input validation of some parameters that are passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9200 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca Cisco Identity Services Engine Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Identity Services Engine Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. <br /> <br /> The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker may be able to exploit this vulnerability by intercepting the user packets and injecting the malicious code.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Identity Services Engine Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. <br /> <br /> The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker may be able to exploit this vulnerability by intercepting the user packets and injecting the malicious code.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9214 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1 Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Active%20Directory%20Integration%20Component%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack.<br /> <br /> The vulnerability is due to improper handling of Password Authentication Protocol (PAP) authentication requests when ISE is configured with an authorization policy based on Active Directory group membership. An attacker could exploit this vulnerability by crafting a special but formally correct PAP authentication request that will trigger the issue. An exploit could allow the attacker to cause all subsequent authentication requests for the same Active Directory domain to fail.<br /> <br /> There are workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack.<br /> <br /> The vulnerability is due to improper handling of Password Authentication Protocol (PAP) authentication requests when ISE is configured with an authorization policy based on Active Directory group membership. An attacker could exploit this vulnerability by crafting a special but formally correct PAP authentication request that will trigger the issue. An exploit could allow the attacker to cause all subsequent authentication requests for the same Active Directory domain to fail.<br /> <br /> There are workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9198 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise Cisco IOS XR Software Default Credentials Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Default%20Credentials%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software Default Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the <em>root </em>user.<br /> <br /> The vulnerability is due to a user account that has a default and static password. An attacker could exploit this vulnerability by connecting to the affected system using this default account. An exploit could allow the attacker to log in with the default credentials, allowing the attacker to gain complete control of the underlying operating system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software Default Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the <em>root </em>user.<br /> <br /> The vulnerability is due to a user account that has a default and static password. An attacker could exploit this vulnerability by connecting to the affected system using this default account. An exploit could allow the attacker to log in with the default credentials, allowing the attacker to gain complete control of the underlying operating system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9215 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20Cisco%20IOS%20XE%20Software%20Zone-Based%20Firewall%20Feature%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration.<br /> <br /> The vulnerability is due to a logic flaw in a corner case scenario. An attacker could exploit this vulnerability by sending traffic that would have been dropped by the policy.<br /> <br /> In a Zone-Based Firewall setup, if only one zone pair is defined in the egress direction but there is no reverse zone pair defined in the opposite direction, return traffic should be dropped instead of allowed for traffic subject to the egress action of <em>pass</em>.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration.<br /> <br /> The vulnerability is due to a logic flaw in a corner case scenario. An attacker could exploit this vulnerability by sending traffic that would have been dropped by the policy.<br /> <br /> In a Zone-Based Firewall setup, if only one zone pair is defined in the egress direction but there is no reverse zone pair defined in the opposite direction, return traffic should be dropped instead of allowed for traffic subject to the egress action of <em>pass</em>.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9201 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20HTTP%202.0%20Request%20Handling%20Event%20Service%20Daemon%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (<em>emsd</em>) to crash, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper handling of HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system. An exploit could allow the attacker to cause the <em>emsd </em>to crash.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (<em>emsd</em>) to crash, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper handling of HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP 2.0 requests to the targeted system. An exploit could allow the attacker to cause the <em>emsd </em>to crash.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9205 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20SSH%20X.509%20Authentication%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of X.509&nbsp;Version 3 for SSH authentication functionality in Cisco&nbsp;IOS and IOS&nbsp;XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system.<br /> <br /> The vulnerability is due to improper validation of X.509 signatures during the SSH authentication phase. An attacker could exploit this vulnerability by presenting an invalid X.509 signature to an affected system. A successful exploit could allow the attacker to impersonate an existing valid user over an SSH connection.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of X.509&nbsp;Version 3 for SSH authentication functionality in Cisco&nbsp;IOS and IOS&nbsp;XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system.<br /> <br /> The vulnerability is due to improper validation of X.509 signatures during the SSH authentication phase. An attacker could exploit this vulnerability by presenting an invalid X.509 signature to an affected system. A successful exploit could allow the attacker to impersonate an existing valid user over an SSH connection.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6474 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509 Cisco IOS Frame Forwarding Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Frame%20Forwarding%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Frame Forwarding Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco IOS on Catalysts Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm.<br /> <br /> The vulnerability occurs because the software forwards Layer 2 frames that should be consumed by the first hop. An attacker could exploit this vulnerability by injecting the Layer 2 frame into the network segment. An exploit could allow the attacker to cause a Layer 2 network storm and impact the availability of the switches.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Frame Forwarding Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco IOS on Catalysts Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm.<br /> <br /> The vulnerability occurs because the software forwards Layer 2 frames that should be consumed by the first hop. An attacker could exploit this vulnerability by injecting the Layer 2 frame into the network segment. An exploit could allow the attacker to cause a Layer 2 network storm and impact the availability of the switches.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6473 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios Cisco Intercloud Fabric Director Static Credentials Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Intercloud%20Fabric%20Director%20Static%20Credentials%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Intercloud Fabric Director Static Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.<br /> <br /> The vulnerability is due to static credentials for an internal account. An attacker could exploit this vulnerability by using the static credentials for that account to connect to internal services. Note that this is a restricted account that is used to communicate between instances of ICF, and it does not provide GUI or shell access.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Intercloud Fabric Director Static Credentials Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.<br /> <br /> The vulnerability is due to static credentials for an internal account. An attacker could exploit this vulnerability by using the static credentials for that account to connect to internal services. Note that this is a restricted account that is used to communicate between instances of ICF, and it does not provide GUI or shell access.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9204 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf Cisco Hybrid Media Service Privilege Escalation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Hybrid%20Media%20Service%20Privilege%20Escalation%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Hybrid Media Service Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the <em>root </em>level. <br /> <br /> The vulnerability is due to incorrect installation and permissions settings on binary files during the Hybrid Media Service installation procedure. An attacker could exploit this vulnerability by logging in to the device and elevating privileges. A successful exploit could allow the attacker to acquire <em>root</em>-level privileges and take full control of the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Hybrid Media Service Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the <em>root </em>level. <br /> <br /> The vulnerability is due to incorrect installation and permissions settings on binary files during the Hybrid Media Service installation procedure. An attacker could exploit this vulnerability by logging in to the device and elevating privileges. A successful exploit could allow the attacker to acquire <em>root</em>-level privileges and take full control of the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6470 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms Cisco FirePOWER Malware Protection Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FirePOWER%20Malware%20Protection%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FirePOWER Malware Protection Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked.<br /> <br /> The vulnerability is due to out-of-order TCP segments (retransmissions out of the current window, which have already been acknowledged) not being properly processed before being passed to HTTP inspection, which for GZIP compressed streams causes GZIP decompression to fail. This results in an incorrect SHA-256 hash being calculated and potential malware not being detected. An attacker could exploit this vulnerability by tricking a user into downloading a file containing malware via HTTP from a specifically prepared server. An exploit could allow the attacker to bypass the malware protection provided by the FirePOWER system software.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FirePOWER Malware Protection Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked.<br /> <br /> The vulnerability is due to out-of-order TCP segments (retransmissions out of the current window, which have already been acknowledged) not being properly processed before being passed to HTTP inspection, which for GZIP compressed streams causes GZIP decompression to fail. This results in an incorrect SHA-256 hash being calculated and potential malware not being detected. An attacker could exploit this vulnerability by tricking a user into downloading a file containing malware via HTTP from a specifically prepared server. An exploit could allow the attacker to bypass the malware protection provided by the FirePOWER system software.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9209 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Management%20Center%20and%20Cisco%20FireSIGHT%20System%20Software%20Malicious%20Software%20Detection%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.<br /> <br /> The vulnerability is due to the incorrect handling of duplicate downloads of malware files. An attacker could exploit this vulnerability by sending an attempt to download a file that contains malware to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.<br /> <br /> The vulnerability is due to the incorrect handling of duplicate downloads of malware files. An attacker could exploit this vulnerability by sending an attempt to download a file that contains malware to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9193 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FireAMP%20Connector%20Endpoint%20Software%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available.<br /> <br /> The vulnerability is due to lack of proper access controls when using systems utilities to troubleshoot certain system processes. An attacker could exploit this vulnerability by authenticating to the application and using the system utilities to stop certain FireAMP processes. An exploit could allow the attacker to stop certain FireAMP processes.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available.<br /> <br /> The vulnerability is due to lack of proper access controls when using systems utilities to troubleshoot certain system processes. An attacker could exploit this vulnerability by authenticating to the application and using the system utilities to stop certain FireAMP processes. An exploit could allow the attacker to stop certain FireAMP processes.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6449 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp Cisco Expressway Series Software Security Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Expressway%20Series%20Software%20Security%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Expressway Series Software Security Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway.<br /> <br /> The vulnerability is due to insufficient access control for TCP traffic passed through the Cisco Expressway. An attacker could exploit this vulnerability by sending a crafted URL through the Cisco Expressway. An exploit could allow the attacker to enumerate hosts and services of arbitrary hosts, as well as degrade performance through the Cisco Expressway.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Expressway Series Software Security Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway.<br /> <br /> The vulnerability is due to insufficient access control for TCP traffic passed through the Cisco Expressway. An attacker could exploit this vulnerability by sending a crafted URL through the Cisco Expressway. An exploit could allow the attacker to enumerate hosts and services of arbitrary hosts, as well as degrade performance through the Cisco Expressway.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9207 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20SMTP%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin <a href="http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html">Understanding Cross-Site Scripting (XSS) Threat Vectors</a> and the OWASP reference page <a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)">Cross-site Scripting (XSS)</a>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin <a href="http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html">Understanding Cross-Site Scripting (XSS) Threat Vectors</a> and the OWASP reference page <a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)">Cross-site Scripting (XSS)</a>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9202 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1 Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Unified%20Reporting%20Upload%20Tool%20Directory%20Traversal%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system.<br /> <br /> The vulnerability is due to insufficient client-side validation checks. An attacker could exploit this vulnerability by submitting a malicious POST request to the affected system. An exploit could allow the attacker to implant arbitrary files onto the affected system.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system.<br /> <br /> The vulnerability is due to insufficient client-side validation checks. An attacker could exploit this vulnerability by submitting a malicious POST request to the affected system. An exploit could allow the attacker to implant arbitrary files onto the affected system.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9210 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Administration%20Page%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>ccmadmin </em>page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.<br /> <br /> The vulnerability is due to improper sanitization or encoding of user-supplied data by the <em>ccmadmin </em>page of an affected version of CUCM. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. An exploit could allow the attacker to conduct a reflected XSS attack.<br /> <br /> Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <em>ccmadmin </em>page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.<br /> <br /> The vulnerability is due to improper sanitization or encoding of user-supplied data by the <em>ccmadmin </em>page of an affected version of CUCM. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. An exploit could allow the attacker to conduct a reflected XSS attack.<br /> <br /> Workarounds that address this vulnerability are not available. <br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9206 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ONS%2015454%20Series%20Multiservice%20Provisioning%20Platforms%20TCP%20Port%20Management%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload.<br /> <br /> The vulnerability is due to a specific TCP port listening on the local management port when it should have been internal only. An attacker could exploit this vulnerability by sending a continuous stream of TCP traffic to the targeted device on the specific TCP port. An exploit could allow the attacker to cause the controller card to unexpectedly reset. The user traffic is not impacted; however, the management port traffic could be briefly disrupted.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload.<br /> <br /> The vulnerability is due to a specific TCP port listening on the local management port when it should have been internal only. An attacker could exploit this vulnerability by sending a continuous stream of TCP traffic to the targeted device on the specific TCP port. An exploit could allow the attacker to cause the controller card to unexpectedly reset. The user traffic is not impacted; however, the management port traffic could be briefly disrupted.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9211 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons Cisco Emergency Responder Directory Traversal Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Emergency%20Responder%20Directory%20Traversal%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Emergency Responder Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device.<br /> <br /> The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Emergency Responder Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device.<br /> <br /> The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9208 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1 Cisco Emergency Responder Cross-Site Request Forgery Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Emergency%20Responder%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Emergency Responder Cross-Site Request Forgery Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.<br /> <br /> The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.<br /> <br /> More information about CSRF is in <a href="http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28726">Understanding Cross-Site Request Forgery Threat Vectors</a>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Emergency Responder Cross-Site Request Forgery Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.<br /> <br /> The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.<br /> <br /> More information about CSRF is in <a href="http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28726">Understanding Cross-Site Request Forgery Threat Vectors</a>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6468 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOx%20Application-Hosting%20Framework%20Directory%20Traversal%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.<br /> <br /> The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework on a targeted system. A successful exploit could allow the attacker to read arbitrary files on the targeted system.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.<br /> <br /> The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework on a targeted system. A successful exploit could allow the attacker to read arbitrary files on the targeted system.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9199 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Security%20Appliances%20AsyncOS%20Software%20Update%20Server%20Certificate%20Validation%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.<br /> <br /> The vulnerability is due to a lack of certificate validation during the HTTPS connection toward the repository from which the update manifests are retrieved. An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking) and impersonating the update server.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.<br /> <br /> The vulnerability is due to a lack of certificate validation during the HTTPS connection toward the repository from which the update manifests are retrieved. An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking) and impersonating the update server.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-1411 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%205000%20Series%20IKEv2%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the <em>ipsecmgr</em> process.<br /> <br /> The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation. An exploit could allow the attacker to cause a crash of the <em>ipsecmgr</em> process, which will restart on its own. Only the connection being negotiated will need to re-establish.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the <em>ipsecmgr</em> process.<br /> <br /> The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation. An exploit could allow the attacker to cause a crash of the <em>ipsecmgr</em> process, which will restart on its own. Only the connection being negotiated will need to re-establish.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-9203 Wed, 07 Dec 2016 16:00:00 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1 Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%205000%20Series%20IPv6%20Packet%20Processing%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. <br /> <br /> The vulnerability is due to lack of proper input validation of the IPv6 fragment lengths. An attacker could exploit this vulnerability by sending a crafted IPv6 fragment chain to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition if the NPU process unexpectedly reloads. The DoS condition could temporarily impact user traffic.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. <br /> <br /> The vulnerability is due to lack of proper input validation of the IPv6 fragment lengths. An attacker could exploit this vulnerability by sending a crafted IPv6 fragment chain to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition if the NPU process unexpectedly reloads. The DoS condition could temporarily impact user traffic.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6467 Wed, 07 Dec 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20May%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 " border='0' height='0' width='0'></img>On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with<em> </em>Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.<br /> <br /> Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities. <br /> <br /> This advisory will be updated as additional information becomes available. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 " border='0' height='0' width='0'></img>On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with<em> </em>Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.<br /> <br /> Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities. <br /> <br /> This advisory will be updated as additional information becomes available. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109,CVE-2016-2176 Mon, 05 Dec 2016 16:10:21 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20November%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016" border='0' height='0' width='0'></img>On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as &ldquo;Critical Severity,&rdquo; one as &ldquo;Moderate Severity,&rdquo; and one as &ldquo;Low Severity.&rdquo;<br /> <br /> Two of the vulnerabilities affect only recent OpenSSL versions in the 1.1.0 release series. The remaining Low Severity vulnerability affects OpenSSL versions in the 1.0.2 and 1.1.0 release series. <br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016" border='0' height='0' width='0'></img>On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as &ldquo;Critical Severity,&rdquo; one as &ldquo;Moderate Severity,&rdquo; and one as &ldquo;Low Severity.&rdquo;<br /> <br /> Two of the vulnerabilities affect only recent OpenSSL versions in the 1.1.0 release series. The remaining Low Severity vulnerability affects OpenSSL versions in the 1.0.2 and 1.1.0 release series. <br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-7053,CVE-2016-7054,CVE-2016-7055 Fri, 02 Dec 2016 15:04:41 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Network%20Time%20Protocol%20Daemon%20Affecting%20Cisco%20Products:%20November%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server. <br /> <br /> On November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time. <br /> <br /> The new vulnerabilities disclosed in this document are as follows:<br /> <ul> <li>Network Time Protocol Trap Service Denial of Service Vulnerability</li> <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li> <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li> <li>Network Time Protocol Insufficient Resource Pool Denial of Service Vulnerability</li> <li>Network Time Protocol Configuration Modification Denial of Service Vulnerability</li> <li>Network Time Protocol mrulist Query Requests Denial of Service Vulnerability</li> <li>Network Time Protocol Multiple Binds to the Same Port Vulnerability</li> <li>Network Time Protocol Rate Limiting Denial of Service Vulnerability</li> </ul> <div>As well as:<br /> <ul> <li>Regression of CVE-2015-8138</li> <li>Network Time Protocol Reboot sync calculation problem</li> </ul> </div> Additional details about each vulnerability are in the <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se">NTP Consortium Security Notice</a>.<br /> <br /> Workarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server. <br /> <br /> On November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time. <br /> <br /> The new vulnerabilities disclosed in this document are as follows:<br /> <ul> <li>Network Time Protocol Trap Service Denial of Service Vulnerability</li> <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li> <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li> <li>Network Time Protocol Insufficient Resource Pool Denial of Service Vulnerability</li> <li>Network Time Protocol Configuration Modification Denial of Service Vulnerability</li> <li>Network Time Protocol mrulist Query Requests Denial of Service Vulnerability</li> <li>Network Time Protocol Multiple Binds to the Same Port Vulnerability</li> <li>Network Time Protocol Rate Limiting Denial of Service Vulnerability</li> </ul> <div>As well as:<br /> <ul> <li>Regression of CVE-2015-8138</li> <li>Network Time Protocol Reboot sync calculation problem</li> </ul> </div> Additional details about each vulnerability are in the <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se">NTP Consortium Security Notice</a>.<br /> <br /> Workarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2015-8138,CVE-2016-7426,CVE-2016-7427,CVE-2016-7428,CVE-2016-7429,CVE-2016-7431,CVE-2016-7433,CVE-2016-7434,CVE-2016-9310,CVE-2016-9311,CVE-2016-9312 Fri, 02 Dec 2016 14:51:58 CST https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20September%202016&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 " border='0' height='0' width='0'></img>On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as &ldquo;Critical Severity,&rdquo; one as &ldquo;Moderate Severity,&rdquo; and the other 12 as &ldquo;Low Severity.&rdquo; <br /> <br /> Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as &ldquo;High Severity&rdquo; and the other as &ldquo;Moderate Severity.&rdquo; <br /> <br /> Of the 16 released vulnerabilities:<br /> <ul> <li>Fourteen track issues that could result in a denial of service (DoS) condition</li> <li>One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality</li> <li>One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system</li> </ul> <br /> Five of the 16 vulnerabilities exclusively affect the recently released OpenSSL versions that are part of the 1.1.0 release series, which has not yet been integrated into any Cisco product.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 " border='0' height='0' width='0'></img>On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as &ldquo;Critical Severity,&rdquo; one as &ldquo;Moderate Severity,&rdquo; and the other 12 as &ldquo;Low Severity.&rdquo; <br /> <br /> Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as &ldquo;High Severity&rdquo; and the other as &ldquo;Moderate Severity.&rdquo; <br /> <br /> Of the 16 released vulnerabilities:<br /> <ul> <li>Fourteen track issues that could result in a denial of service (DoS) condition</li> <li>One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality</li> <li>One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system</li> </ul> <br /> Five of the 16 vulnerabilities exclusively affect the recently released OpenSSL versions that are part of the 1.1.0 release series, which has not yet been integrated into any Cisco product.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6305,CVE-2016-6306,CVE-2016-6307,CVE-2016-6308,CVE-2016-6309,CVE-2016-7052 Wed, 16 Nov 2016 19:26:07 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl Cisco ASA Input Validation File Injection Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASA%20Input%20Validation%20File%20Injection%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Input Validation File Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system.<br /> <br /> The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting XML input into the affected fields of the web interface. An exploit could allow the attacker to impact the integrity of the device data.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA Input Validation File Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system.<br /> <br /> The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting XML input into the affected fields of the web interface. An exploit could allow the attacker to impact the integrity of the device data.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6461 Wed, 16 Nov 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Web%20Interface%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters used by that page. An attacker could exploit this vulnerability by convincing the user of the system to follow an attacker-supplied link. An exploit could allow the attacker to cause arbitrary script or HTML code to be executed on the user's browser within the context of the affected application.<br /> <br /> Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability" border='0' height='0' width='0'></img>A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters used by that page. An attacker could exploit this vulnerability by convincing the user of the system to follow an attacker-supplied link. An exploit could allow the attacker to cause arbitrary script or HTML code to be executed on the user's browser within the context of the affected application.<br /> <br /> Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6472 Wed, 16 Nov 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm Cisco Firepower System Software FTP Malware Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20System%20Software%20FTP%20Malware%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower System Software FTP Malware Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection.<br /> <br /> The vulnerability is due to a lack of continuity between the FTP control and data connection when the malware is detected. An attacker could exploit this vulnerability by repeatedly attempting to download FTP malware. An exploit could allow the attacker to bypass the configured FTP malware blocking rules.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Firepower System Software FTP Malware Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection.<br /> <br /> The vulnerability is due to a lack of continuity between the FTP control and data connection when the malware is detected. An attacker could exploit this vulnerability by repeatedly attempting to download FTP malware. An exploit could allow the attacker to bypass the configured FTP malware blocking rules.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6460 Wed, 16 Nov 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20MIME%20Header%20Processing%20Filter%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.<br /> <br /> The vulnerability is due to improper error handling when malformed Multipurpose Internet Mail Extensions (MIME) headers are present in an email attachment that is sent through an affected device. An attacker could exploit this vulnerability by sending an email message that has a crafted, MIME-encoded file attachment through an affected device. A successful exploit could allow the attacker to bypass AMP filter configurations for the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.<br /> <br /> The vulnerability is due to improper error handling when malformed Multipurpose Internet Mail Extensions (MIME) headers are present in an email attachment that is sent through an affected device. An attacker could exploit this vulnerability by sending an email message that has a crafted, MIME-encoded file attachment through an affected device. A successful exploit could allow the attacker to bypass AMP filter configurations for the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6463 Wed, 16 Nov 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2 Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20MIME%20Header%20Processing%20Filter%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.<br /> <br /> The vulnerability is due to improper error handling when malformed Multipurpose Internet Mail Extensions (MIME) headers are present in an email attachment that is sent through an affected device. An attacker could exploit this vulnerability by sending an email message that has a crafted, MIME-encoded file attachment through an affected device. A successful exploit could allow the attacker to bypass AMP filter configurations for the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.<br /> <br /> The vulnerability is due to improper error handling when malformed Multipurpose Internet Mail Extensions (MIME) headers are present in an email attachment that is sent through an affected device. An attacker could exploit this vulnerability by sending an email message that has a crafted, MIME-encoded file attachment through an affected device. A successful exploit could allow the attacker to bypass AMP filter configurations for the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6462 Wed, 16 Nov 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1 Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%205000%20Series%20ipsecmgr%20Service%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing of Internet Key Exchange (IKE) messages. An attacker could exploit this vulnerability by sending crafted IKE messages toward the router. An exploit could allow the attacker to cause a reload of the<em> ipsecmgr</em> service. A reload of the <em>ipsecmgr </em>service might result in all IPsec VPN tunnels being terminated and new tunnels being unable to establish until the service has restarted, resulting in a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing of Internet Key Exchange (IKE) messages. An attacker could exploit this vulnerability by sending crafted IKE messages toward the router. An exploit could allow the attacker to cause a reload of the<em> ipsecmgr</em> service. A reload of the <em>ipsecmgr </em>service might result in all IPsec VPN tunnels being terminated and new tunnels being unable to establish until the service has restarted, resulting in a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6466 Wed, 16 Nov 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr Cisco IOS XE Software Directory Traversal Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20Directory%20Traversal%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XE Software Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <strong>package unbundle</strong> utility of Cisco&nbsp;IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system.<br /> <br /> The vulnerability is due to insufficient validation of files submitted to the affected installation utility. An attacker could exploit this vulnerability by uploading a crafted file to an affected system and running the installation utility command. A successful exploit could allow the attacker to gain write access to some files in the underlying operating system, which could allow the attacker to override the write-accessible files and compromise the integrity of the system.<br /> <br /> To exploit this vulnerability, the attacker must have sufficient privileges to execute the appropriate commands. In a default configuration, the <em>privilege 15</em> privilege is needed to exploit this vulnerability. As a secondary impact of this vulnerability, an attacker may be able to modify some files and obtain access to the underlying operating system shell without having to provide a valid license.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XE Software Directory Traversal Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the <strong>package unbundle</strong> utility of Cisco&nbsp;IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system.<br /> <br /> The vulnerability is due to insufficient validation of files submitted to the affected installation utility. An attacker could exploit this vulnerability by uploading a crafted file to an affected system and running the installation utility command. A successful exploit could allow the attacker to gain write access to some files in the underlying operating system, which could allow the attacker to override the write-accessible files and compromise the integrity of the system.<br /> <br /> To exploit this vulnerability, the attacker must have sufficient privileges to execute the appropriate commands. In a default configuration, the <em>privilege 15</em> privilege is needed to exploit this vulnerability. As a secondary impact of this vulnerability, an attacker may be able to modify some files and obtain access to the underlying operating system shell without having to provide a valid license.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6450 Tue, 15 Nov 2016 16:00:00 CST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%205500%20Series%20with%20DPC2%20Cards%20SESSMGR%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing during the handoff of reassembled IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments across the ASR 5500 Series router. An exploit could allow the attacker to cause an instance of the <em>sessmgr</em> service on the affected device to reload. A reload of the <em>sessmgr</em> service will cause all subscriber sessions serviced by that task to be disconnected, resulting in a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing during the handoff of reassembled IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments across the ASR 5500 Series router. An exploit could allow the attacker to cause an instance of the <em>sessmgr</em> service on the affected device to reload. A reload of the <em>sessmgr</em> service will cause all subscriber sessions serviced by that task to be disconnected, resulting in a denial of service (DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6455 Wed, 02 Nov 2016 16:00:00 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Application%20Policy%20Infrastructure%20Controller%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.<br /> <br /> The vulnerability is due to improper handling of a type of Layer 2 control plane traffic. An attacker could exploit this vulnerability by sending crafted traffic to a host behind a leaf switch. An exploit could allow the attacker to cause a DoS condition on the affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.<br /> <br /> The vulnerability is due to improper handling of a type of Layer 2 control plane traffic. An attacker could exploit this vulnerability by sending crafted traffic to a host behind a leaf switch. An exploit could allow the attacker to cause a DoS condition on the affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6457 Wed, 02 Nov 2016 16:00:00 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20RAR%20File%20Attachment%20Scanner%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device.<br /> <br /> The vulnerability is due to incorrect validation of protected or encrypted email attachments that are Roshal Archive (RAR) format files. An attacker could exploit this vulnerability by sending an email message that has a crafted RAR file attachment through an affected device. A successful exploit could allow the attacker to bypass content filters that are configured to detect and act upon protected or encrypted email attachments.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device.<br /> <br /> The vulnerability is due to incorrect validation of protected or encrypted email attachments that are Roshal Archive (RAR) format files. An attacker could exploit this vulnerability by sending an email message that has a crafted RAR file attachment through an affected device. A successful exploit could allow the attacker to bypass content filters that are configured to detect and act upon protected or encrypted email attachments.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-6458 Wed, 02 Nov 2016 16:00:00 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa Cisco Prime Home Authentication Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Home%20Authentication%20Bypass%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Home Authentication Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full <em>administrator</em> privileges.<br /> <br /> The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a particular URL. An exploit could allow the attacker to obtain a valid session identifier for an arbitrary user, which would allow the attacker to perform any actions in Cisco Prime Home for which that user is authorized&mdash;including users with <em>administrator</em> privileges.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Home Authentication Bypass Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full <em>administrator</em> privileges.<br /> <br /> The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a particular URL. An exploit could allow the attacker to obtain a valid session identifier for an arbitrary user, which would allow the attacker to perform any actions in Cisco Prime Home for which that user is authorized&mdash;including users with <em>administrator</em> privileges.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2016-6452 Wed, 02 Nov 2016 16:00:00 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meeting%20Server%20Session%20Description%20Protocol%20Media%20Lines%20Buffer%20Overflow%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Description Protocol&nbsp;(SDP) parser of Cisco&nbsp;Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.<br /> <br /> The vulnerability exists because the affected software performs incomplete input validation of the size of media lines in session descriptions. An attacker could exploit this vulnerability by sending crafted packets to the SDP parser on an affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on an affected system, which could allow the attacker to execute arbitrary code on the system.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Description Protocol&nbsp;(SDP) parser of Cisco&nbsp;Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.<br /> <br /> The vulnerability exists because the affected software performs incomplete input validation of the size of media lines in session descriptions. An attacker could exploit this vulnerability by sending crafted packets to the SDP parser on an affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on an affected system, which could allow the attacker to execute arbitrary code on the system.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-6448 Wed, 02 Nov 2016 16:00:00 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1 Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meeting%20Server%20and%20Meeting%20App%20Buffer%20Underflow%20Vulnerability&vs_k=1 <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.<br /> <br /> The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv6 input to the vulnerable function. A successful exploit could result in an exploitable buffer underflow condition. An attacker could leverage this buffer underflow condition to incorrectly allocate memory and cause a reload of the device or execute arbitrary code with the privileges of the affected application.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms</a> <img src="https://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability" border='0' height='0' width='0'></img>A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.<br /> <br /> The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv6 input to the vulnerable function. A successful exploit could result in an exploitable buffer underflow condition. An attacker could leverage this buffer underflow condition to incorrectly allocate memory and cause a reload of the device or execute arbitrary code with the privileges of the affected application.<br /> <br /> Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2016-6447 Wed, 02 Nov 2016 16:00:00 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms