Cisco Security Advisory https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Cisco Security Advisory Cisco Systems, Inc. 15 Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20WebVPN%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the <strong>Login</strong> screen of the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0242 Fri, 20 Apr 2018 12:43:39 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASA%20Software,%20FTD%20Software,%20and%20AnyConnect%20Secure%20Mobility%20Client%20SAML%20Authentication%20Session%20Fixation%20Vulnerability&vs_k=1 A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. The authentication would need to be done by an unsuspecting third party.<br /> <br /> The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company's Identity Provider (IdP). A successful exploit could allow the attacker to hijack a valid authentication token and use that to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0229 Fri, 20 Apr 2018 12:43:38 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect Cisco WebEx Clients Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Clients%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.<br /> <br /> The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (<em>.swf</em>) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0112 Thu, 19 Apr 2018 21:07:10 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs Cisco MATE Collector Cross-Site Request Forgery Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20MATE%20Collector%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1 A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.<br /> <br /> The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0259 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE Cisco Wireless LAN Controller Default Simple Network Management Protocol Community Strings https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wlc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20Default%20Simple%20Network%20Management%20Protocol%20Community%20Strings&vs_k=1 With new installations of Cisco Wireless LAN Controller Software, the installation scripts create default community strings for Simple Network Management Protocol (SNMP) Version 2 (SNMPv2) and default usernames for SNMP Version 3 (SNMPv3), both allowing for <em>read </em>and <em>write </em>access. <br /> <br /> As documented in the <a href="https://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/8-5/82463-wlc-config-best-practice.html#pgfId-379998">Cisco Wireless LAN Controller Configuration Best Practices guide</a>, the SNMP configuration should either be changed or disabled depending on the environmental requirements. If the default community strings and usernames are not changed or disabled, the system is open for <em>read </em>and <em>write </em>access through SNMP. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wlc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wlc</a> <br/>Security Impact Rating: Informational Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wlc Cisco WebEx Connect IM Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-webcon?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Connect%20IM%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 <p>A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.</p> <p>There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-webcon">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-webcon</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0276 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-webcon Cisco UCS Director Virtual Machine Information Disclosure Vulnerability for End User Portal https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Director%20Virtual%20Machine%20Information%20Disclosure%20Vulnerability%20for%20End%20User%20Portal&vs_k=1 A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on any virtual machine. The permitted operations can be configured for the end user on the virtual machines with either of the following settings: <ul> <li>The virtual machine is associated to a Virtual Data Center (VDC) that has an end user self-service policy attached to the VDC.</li> <li>The end user role has <strong>VM Management Actions</strong> settings configured under <strong>User Permissions</strong>. This is a global configuration, so all the virtual machines visible in the end-user portal will have the VM management actions available.</li> </ul> The vulnerability is due to improper user authentication checks. An attacker could exploit this vulnerability by logging in to the UCS Director with a modified username and valid password. A successful exploit could allow the attacker to gain visibility into and perform actions against all virtual machines in the UCS Director end-user portal of the affected system.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0238 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd Cisco Unified Communications Manager LDAP Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20LDAP%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials.<br /> <br /> The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0267 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1 Cisco Unified Communications Manager HTTP Interface Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20HTTP%20Interface%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data.<br /> <br /> The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0266 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm Cisco StarOS IPsec Manager Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20StarOS%20IPsec%20Manager%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the <em>ipsecmgr </em>service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0273 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr Cisco StarOS Interface Forwarding Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20StarOS%20Interface%20Forwarding%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear the condition.<br /> <br /> The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros</a></p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0239 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros Cisco Packet Data Network Gateway Peer-to-Peer Message Processing Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Packet%20Data%20Network%20Gateway%20Peer-to-Peer%20Message%20Processing%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the peer-to-peer message processing functionality of Cisco&nbsp;Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to incorrect validation of peer-to-peer packet headers. An attacker could exploit this vulnerability by sending a crafted peer-to-peer packet through an affected device. A successful exploit could allow the attacker to cause the SESSMGR process on the affected device to restart unexpectedly, which could briefly impact traffic while the SESSMGR process restarts and result in a DoS condition.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0256 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng Cisco Identity Services Engine Shell Access Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Shell%20Access%20Vulnerability&vs_k=1 <p><p>A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell.</p> <p>The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access.</p></p> <p>There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0275 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20UDP%20Broadcast%20Forwarding%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in&nbsp;the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.<br /> <br /> The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IPv4 helper address. An attacker could exploit this vulnerability by sending multiple UDP broadcast packets to the affected device. An exploit could allow the attacker to cause a buffer leak on the affected device, eventually resulting in a DoS condition requiring manual intervention to recover.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0241 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Industrial%20Ethernet%20Switches%20Device%20Manager%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1 A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system.<br /> <br /> The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0255 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess Cisco Firepower System Software Intelligent Application Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20System%20Software%20Intelligent%20Application%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured.<br /> <br /> The vulnerability is due to incorrect counting of the percentage of dropped traffic. An attacker could exploit this vulnerability by sending network traffic to a targeted device. An exploit could allow the attacker to bypass configured file action policies, and traffic that should be dropped could be allowed into the network.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0254 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2 Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20System%20Software%20Server%20Message%20Block%20File%20Policy%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block (SMB) protocol if a malware file is detected.<br /> <br /> The vulnerability is due to how the SMB protocol handles a case in which a large file transfer fails. This case occurs when some pieces of the file are successfully transferred to the remote endpoint, but ultimately the file transfer fails and is reset. An attacker could exploit this vulnerability by sending a crafted SMB file transfer request through the targeted device. An exploit could allow the attacker to pass an SMB file that contains malware, which the device is configured to block.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0244 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1 Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20System%20Software%20Server%20Message%20Block%20File%20Policy%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected.<br /> <br /> The vulnerability is due to incorrect detection of an SMB2 or SMB3 file based on the total file length. An attacker could exploit this vulnerability by sending a crafted SMB2 or SMB3 transfer request through the targeted device. An exploit could allow the attacker to pass SMB2 or SMB3 files that could be malware even though the device is configured to block them. This vulnerability does not exist for SMB Version 1 (SMB1) files.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0243 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Detection%20Engine%20Secure%20Sockets%20Layer%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Secure Sockets Layer&nbsp;(SSL) packet reassembly functionality of the detection engine in Cisco&nbsp;Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connections through an affected device. A successful exploit could allow the attacker to cause the detection engine to consume excessive system memory on the affected device, which could cause a DoS condition. The device may need to be reloaded manually to recover from this condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0233 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%202100%20Series%20Security%20Appliances%20IP%20Fragmentation%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the internal packet-processing functionality of Cisco&nbsp;Firepower Threat Defense (FTD) Software for Cisco&nbsp;Firepower 2100 Series Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to the affected software improperly validating IP Version 4&nbsp;(IPv4) and IP Version 6&nbsp;(IPv6) packets after the software reassembles the packets. An attacker could exploit this vulnerability by sending a series of malicious, fragmented IPv4 or IPv6 packets to an affected device. A successful exploit could allow the attacker to cause Snort processes on the affected device to hang at 100% CPU utilization, which could cause the device to stop processing traffic and result in a DoS condition until the device is reloaded manually.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0230 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100 Cisco Firepower Threat Defense SSL Engine High CPU Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Threat%20Defense%20SSL%20Engine%20High%20CPU%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this vulnerability by sending a large volume of crafted SSL traffic to the vulnerable device. A successful exploit could allow the attacker to degrade the device performance by triggering a persistent high CPU utilization condition.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0272 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower Cisco DNA Center Cross Origin Resource Sharing Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20DNA%20Center%20Cross%20Origin%20Resource%20Sharing%20Vulnerability&vs_k=1 A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction.<br /> <br /> The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0269 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1 Cisco cBR Series Converged Broadband Routers High CPU Usage Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20cBR%20Series%20Converged%20Broadband%20Routers%20High%20CPU%20Usage%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in Cisco&nbsp;IOS XE Software running on Cisco&nbsp;cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to the incorrect handling of certain DHCP packets. An attacker could exploit this vulnerability by sending certain DHCP packets to a specific segment of an affected device. A successful exploit could allow the attacker to increase CPU usage on the affected device and cause a DoS condition.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0257 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8 Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Clientless%20SSL%20VPN%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the <strong>Web Server Authentication Required</strong> screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the portal or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0251 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2 Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Application%20Layer%20Protocol%20Inspection%20Denial%20of%20Service%20Vulnerabilities&vs_k=1 Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device.<br /> <br /> Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0240 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20TLS%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0231 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3 Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Flow%20Creation%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. <br /> <br /> The vulnerability is due to incorrect handling of an internal software lock that could prevent other system processes from getting CPU cycles, causing a high CPU condition. An attacker could exploit this vulnerability by sending a&nbsp; steady stream of malicious IP packets that can cause connections to be created on the targeted device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition during which traffic through the device could be delayed. This vulnerability applies to either IPv4 or IPv6 ingress traffic.<br /> <br /> Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa2</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0228 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa2 Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Virtual%20Private%20Network%20SSL%20Client%20Certificate%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps.<br /> <br /> The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0227 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1 Cisco AMP for Endpoints macOS Connector DMG File Malware Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20AMP%20for%20Endpoints%20macOS%20Connector%20DMG%20File%20Malware%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection.<br /> <br /> The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0237 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp Cisco MATE Live Directory Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20MATE%20Live%20Directory%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories.<br /> <br /> The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted application. An exploit could allow the attacker to view sensitive information that should require authentication.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0260 Wed, 18 Apr 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1 Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Smart%20Install%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the Smart Install feature of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>Smart Install client functionality is enabled by default on switches that are running Cisco&nbsp;IOS Software releases that have not been updated to address Cisco bug ID&nbsp;<a href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820">CSCvd36820</a>.</p> <p> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi</a><p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p></p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0156 Tue, 17 Apr 2018 15:12:04 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Smart%20Install%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in the Smart Install feature of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.<br /> <br /> The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:<br /> <ul> <li>Triggering a reload of the device</li> <li>Allowing the attacker to execute arbitrary code on the device</li> <li>Causing an indefinite loop on the affected device that triggers a watchdog crash</li> </ul> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>Smart Install client functionality is enabled by default on switches that are running Cisco&nbsp;IOS Software releases that have not been updated to address Cisco bug ID&nbsp;<a href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820">CSCvd36820</a>.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2</a></p> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0171 Tue, 17 Apr 2018 15:08:41 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 Cisco Best Practices to Harden Devices Against Cyber Attacks Targeting Network Infrastructure https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180416-tsa18-106a?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Best%20Practices%20to%20Harden%20Devices%20Against%20Cyber%20Attacks%20Targeting%20Network%20Infrastructure&vs_k=1 <p>Cisco is aware of the recent joint technical alert from US-CERT (<a href="https://www.us-cert.gov/ncas/alerts/TA18-106A">TA18-106A</a>) that details known issues which require customers take steps to protect their networks against cyber-attacks. Providing transparency and guidance to help customers best protect their network is a top priority. Cisco security teams have been actively informing customers about the necessary steps to secure Smart Install and the other protocols addressed in the joint alert through security advisories, blogs, and direct communications. Today&rsquo;s announcement is another reminder for everyone of the importance to strive for constant improvement in managing vulnerabilities, as well as implementing security hygiene best practices.</p> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180416-tsa18-106a">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180416-tsa18-106a</a> <br/>Security Impact Rating: Informational Mon, 16 Apr 2018 23:30:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180416-tsa18-106a Cisco Smart Install Protocol Misuse https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Smart%20Install%20Protocol%20Misuse&vs_k=1 Cisco is aware of a significant increase in Internet scans attempting to detect devices where, after completing setup, the Smart Install feature remains enabled and without proper security controls. This could leave the involved devices susceptible to misuse of the feature. Customers who have not done so are encouraged to follow guidance in the <strong>Recommendations</strong> section of this notice to assess and ensure their network switches are properly protected against abuse of the Smart Install feature.<br /> <br /> Several researchers have reported on the use of Smart Install (SMI) protocol messages toward Smart Install clients, also known as <em>integrated branch clients (IBC)</em>, allowing an unauthenticated, remote attacker to change the <em>startup-config</em> file and force a reload of the device, load a new IOS image on the device, and execute high-privilege CLI commands on switches running Cisco IOS and IOS XE Software.<br /> <p>Cisco does not consider this a vulnerability in Cisco IOS, IOS XE, or the Smart Install feature itself but a misuse of the Smart Install protocol, which does not require authentication by design. Customers who are seeking more than zero-touch deployment should consider deploying the&nbsp;<a href="http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-and-Play/solution/guide/pnp-solution-guide.html">Cisco Network Plug and Play</a> solution instead.<br /> <br /> Cisco has updated the <a href="http://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/concepts.html#23355">Smart Install Configuration Guide</a> to include security best practices regarding the deployment of the Cisco Smart Install feature within customer infrastructures.<br /> <br /> These issues have been reported by Tenable Network Security, Daniel Turner of Trustwave SpiderLabs, and Alexander Evstigneev and Dmitry Kuznetsov of Digital Security.<br /> <br /> Cisco has recently published blog posts alerting our customers about the need to ensure their network switches are properly protected against abuse of the Smart Install feature, as Cisco has learned of a public posting that details potential abuse of this feature and has received reports of attacks when Smart Install was left enabled. These blog posts are available at the following links:</p> <ul> <li> <a href="https://blogs.cisco.com/security/cisco-psirt-mitigating-and-detecting-potential-abuse-of-cisco-smart-install-feature" title="PSIRT Blog Post">Cisco PSIRT &ndash; Mitigating and Detecting Potential Abuse of Cisco Smart Install Feature</a></li> <li><a href="http://blog.talosintelligence.com/2017/02/cisco-coverage-for-smart-install-client.html" title="Talos Blog Post">Cisco Coverage for Smart Install Client Protocol Abuse</a></li> </ul> <p>&nbsp;</p> <h2>Additional Information</h2> <h3>Cisco Smart Install </h3> Cisco Smart Install is a "plug-and-play" configuration and image-management feature that provides zero-touch deployment for new (typically access layer) switches. The feature allows a customer to ship a Cisco switch to any location, install it in the network, and power it on without additional configuration requirements. The Smart Install feature incorporates no authentication by design.<br /> <br /> A Smart Install network consists of exactly one Smart Install director switch or router, also known as an <em>integrated branch director (IBD)</em>, and one or more Smart Install client switches, also known as <em>integrated branch clients</em> <em>(IBCs)</em>. A client switch does not need to be directly connected to the director but can be up to seven hops away. Only Smart Install client switches are affected by the misuse described in this document.<br /> <br /> The director provides a single management point for images and configuration of client switches. When a client switch is first installed into the network, the director automatically detects the new switch and identifies the co <br/>Security Impact Rating: Informational Mon, 16 Apr 2018 18:42:10 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Quality%20of%20Service%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in the quality of service&nbsp;(QoS) subsystem of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service&nbsp;(DoS) condition or execute arbitrary code with elevated privileges.<br /> <br /> The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.<br /> <br /> The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos</a><br /> <p><p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p></p> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0151 Fri, 13 Apr 2018 15:36:54 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Action%20Required%20to%20Secure%20the%20Cisco%20IOS%20and%20IOS%20XE%20Smart%20Install%20Feature&vs_k=1 <p>In recent weeks, Cisco has published several documents related to the Smart Install feature: one Talos blog about potential misuse of the feature if left enabled, and two Cisco Security Advisories that were included in the March 2018 release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication. Given the heightened awareness, we want to minimize any potential confusion about exploitation attempts and clarify the verification of the feature on customer devices. As such, Cisco has attempted to consolidate all information related to the mitigation of potential Smart Install misuse or exploit of related vulnerabilities into this single document, which also notes how to properly secure devices that may be exposed and remediate the disclosed vulnerabilities.</p> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi</a> <br/>Security Impact Rating: Informational Wed, 11 Apr 2018 18:10:46 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi CPU Side-Channel Information Disclosure Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=CPU%20Side-Channel%20Information%20Disclosure%20Vulnerabilities&vs_k=1 On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.<br /> <br /> The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as <em>Spectre</em>. The third vulnerability, CVE-2017-5754, is known as <em>Meltdown</em>. The vulnerabilities are all variants of the same attack and differ in the way that speculative execution is exploited. <br /> <br /> To exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.<br /> <br /> A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as operating system or hypervisor, is patched against the vulnerabilities in question.<br /> <br /> Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. Refer to the &ldquo;Affected Products&rdquo; section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.<br /> <br /> Cisco will release software updates that address these vulnerabilities.<br /> &nbsp;<br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-5715,CVE-2017-5753,CVE-2017-5754 Mon, 09 Apr 2018 19:33:18 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-FIB-dos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Forwarding%20Information%20Base%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-FIB-dos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-FIB-dos</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0189 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-FIB-dos Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20for%20Cisco%20Catalyst%20Switches%20IPv4%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the IP Version 4&nbsp;(IPv4) processing code of Cisco&nbsp;IOS XE Software running on Cisco&nbsp;Catalyst 3850 and Cisco&nbsp;Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4</a> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0177 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4 Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Internet%20Key%20Exchange%20Version%201%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the implementation of Internet Key Exchange Version 1&nbsp;(IKEv1) functionality in Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service&nbsp;(DoS) condition.</p> <p>The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos</a></p> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0159 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Internet%20Key%20Exchange%20Memory%20Leak%20Vulnerability&vs_k=1 A vulnerability in the Internet Key Exchange Version 2&nbsp;(IKEv2) module of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service&nbsp;(DoS) condition. <br /> <br /> The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike</a> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0158 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20Internet%20Group%20Management%20Protocol%20Memory%20Leak%20Vulnerability&vs_k=1 A vulnerability in the Internet Group Management Protocol&nbsp;(IGMP) packet-processing functionality of Cisco&nbsp;IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp</a> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0165 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20Zone-Based%20Firewall%20IP%20Fragmentation%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Zone-Based Firewall code of Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload.<br /> <br /> The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip</a> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0157 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip Cisco IOS Software 802.1x Multiple-Authentication Port Authentication Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20802.1x%20Multiple-Authentication%20Port%20Authentication%20Bypass%20Vulnerability&vs_k=1 <p>A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port.<br /> <br /> The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network.<br /></p> <p>There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0163 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Integrated%20Services%20Module%20for%20VPN%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the crypto engine of the Cisco&nbsp;Integrated Services Module for VPN&nbsp;(ISM-VPN) running Cisco&nbsp;IOS Software could allow an unauthenticated, remote attacker to cause a denial of service&nbsp;(DoS) condition on an affected device.<br /> <br /> The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos</a> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0154 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20DHCP%20Version%204%20Relay%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the DHCP option 82 encapsulation functionality of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4&nbsp;(DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3</a> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0174 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3 Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20DHCP%20Version%204%20Relay%20Reply%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4&nbsp;(DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2</a> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0173 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2 Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20DHCP%20Version%204%20Relay%20Heap%20Overflow%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the DHCP option 82 encapsulation functionality of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4&nbsp;(DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1</a> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0172 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1 Cisco IOS XE Software CLI Command Injection Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20CLI%20Command%20Injection%20Vulnerabilities&vs_k=1 <p>Multiple vulnerabilities in the CLI parser of Cisco&nbsp;IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with <em>root</em> privileges on the device.<br /> <br /> The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with <em>root</em> privileges on the device.</p> <p>There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0182,CVE-2018-0185,CVE-2018-0193,CVE-2018-0194 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Bidirectional%20Forwarding%20Detection%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Bidirectional Forwarding Detection&nbsp;(BFD) offload implementation of Cisco&nbsp;Catalyst 4500 Series Switches and Cisco&nbsp;Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the <em>iosd</em> process, causing a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd</a> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0155 Wed, 28 Mar 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd