Cisco Security Advisory
https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml
1992-2010 Cisco Systems, Inc. All rights reserved.

CPU Side-Channel Information Disclosure Vulnerabilities: May 2018

On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged memory belonging to other processes.

The first vulnerability, CVE-2018-3639, is known as Spectre Variant 4 or SpectreNG. The second vulnerability, CVE-2018-3640, is known as Spectre Variant 3a. Both of these attacks are variants of the attacks disclosed in January 2018 and leverage cache-timing attacks to infer any disclosed data.

To exploit either of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.

A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as operating system or hypervisor, is patched against the vulnerabilities in question.

Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. Refer to the “Affected Products” section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.

Cisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel

Security Impact Rating: Medium
CVE: CVE-2018-3639, CVE-2018-3640
Tue, 22 May 2018 20:58:21 CDT

CPU Side-Channel Information Disclosure Vulnerabilities

On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.

The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre. The third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way that speculative execution is exploited.

To exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device.
Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.

A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as operating system or hypervisor, is patched against the vulnerabilities in question.

Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted.
Refer to the “Affected Products” section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.

Cisco will release software updates that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

Security Impact Rating: Medium
CVE: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Tue, 22 May 2018 18:30:08 CDT

Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017

On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available. This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbacher attack on RSA key exchange. Multiple vulnerabilities were identified based on this research.

An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.

To exploit these vulnerabilities, an attacker must be able to perform both of the following actions:

- Capture traffic between clients and the affected TLS server.
- Actively establish a considerable number of TLS connections to the vulnerable server. The actual number of connections required varies with the implementation-specific vulnerabilities, and could range from hundreds of thousands to millions of connections.

Multiple Cisco products are affected by these vulnerabilities.

Cisco has released software updates that address some of these vulnerabilities.

There may be workarounds available for selected products.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher

Security Impact Rating: Medium
CVE: CVE-2017-12373, CVE-2017-15533, CVE-2017-17428
Fri, 18 May 2018 17:31:50 CDT

Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user’s browser in the context of an affected site.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss

Security Impact Rating: Medium
CVE: CVE-2018-0328
Fri, 18 May 2018 15:35:20 CDT

Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability

Update from February 5, 2018: After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code versions are now available. Please see the Fixed Software section for more information.

A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
It was also possible that the ASA could stop processing incoming Virtual Private Network (VPN) authentication requests due to a low memory condition.

The vulnerability is due to an issue with allocating and freeing memory when processing a malicious XML payload. An attacker could exploit this vulnerability by sending a crafted XML packet to a vulnerable interface on an affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, cause a reload of the affected device or stop processing of incoming VPN authentication requests.

To be vulnerable the ASA must have Secure Socket Layer (SSL) services or IKEv2 Remote Access VPN services enabled on an interface. The risk of the vulnerability being exploited also depends on the accessibility of the interface to the attacker. For a comprehensive list of vulnerable ASA features please refer to the table in the Vulnerable Products section.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address all the features that are affected by this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

Security Impact Rating: Critical
CVE: CVE-2018-0101
Thu, 17 May 2018 17:52:40 CDT

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user’s browser in the context of an affected site.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xss

Security Impact Rating: Medium
CVE: CVE-2018-0327
Wed, 16 May 2018 16:00:00 CDT

Cisco Enterprise NFV Infrastructure Software Web Management Interface Path Traversal Vulnerability

A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system.

The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal

Security Impact Rating: Medium
CVE: CVE-2018-0323
Wed, 16 May 2018 18:05:00 CDT

Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack.

The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exploit this vulnerability by invoking a vulnerable CLI command with crafted malicious parameters. An exploit could allow the attacker to execute arbitrary commands with a non-root user account on the underlying Linux operating system of the affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-cli-command-injection

Security Impact Rating: Medium
CVE: CVE-2018-0324
Wed, 16 May 2018 17:46:08 CDT

Cisco Digital Network Architecture Center Unauthorized Access Vulnerability

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges.

This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna

Security Impact Rating: Critical
CVE: CVE-2018-0268
Wed, 16 May 2018 16:00:00 CDT

Cisco TelePresence Server Cross-Frame Scripting Vulnerability

A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software.

The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-telepres-xfs

Security Impact Rating: Medium
CVE: CVE-2018-0326
Wed, 16 May 2018 16:00:00 CDT

Cisco SocialMiner Notification System Denial of Service Vulnerability

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system.

The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos

Security Impact Rating: Medium
CVE: CVE-2018-0290
Wed, 16 May 2018 16:00:00 CDT

Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device.

The vulnerability is due to improper input validation of command arguments. An attacker could exploit this vulnerability by using crafted arguments when opening a connection to the affected device. An exploit could allow the attacker to gain shell access with a non-root user account to the underlying Linux operating system on the affected device.

Due to the system design, access to the Linux shell could allow execution of additional attacks that may have a significant impact on the affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis

Security Impact Rating: High
CVE: CVE-2018-0279
Wed, 16 May 2018 16:00:00 CDT

Cisco Meeting Server Media Services Denial of Service Vulnerability

A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media process crashes resulting in a DoS condition on the affected product.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms

Security Impact Rating: High
CVE: CVE-2018-0280
Wed, 16 May 2018 16:00:00 CDT

Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system.

The vulnerability is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this vulnerability by initiating EAP authentication over TLS to the ISE with a crafted EAP-TLS certificate. A successful exploit could allow the attacker to restart the ISE application server, resulting in a DoS condition on the affected system. The ISE application could continue to restart while the client attempts to establish the EAP authentication connection.

If an attacker attempted to import the same EAP-TLS certificate to the ISE trust store, it could trigger a DoS condition on the affected system.
This exploit vector would require the attacker to have valid administrator credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-iseeap

Security Impact Rating: High
CVE: CVE-2018-0277
Wed, 16 May 2018 16:00:00 CDT

Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability

A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.

The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss

Security Impact Rating: Medium
CVE: CVE-2018-0289
Wed, 16 May 2018 16:00:00 CDT

Cisco IP Phone 7800 Series and 8800 Series Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone.

The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos

Security Impact Rating: Medium
CVE: CVE-2018-0325
Wed, 16 May 2018 16:00:00 CDT

Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could create a new, privileged account to obtain full control over the device interface.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-fnd

Security Impact Rating: High
CVE: CVE-2018-0270
Wed, 16 May 2018 16:00:00 CDT

Cisco Firepower Threat Defense Software Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic.

The vulnerability is due to the incorrect handling of TCP SSL packets received out of order. An attacker could exploit this vulnerability by sending a crafted SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured SSL AC policy to block SSL traffic.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-firepwr-pb

Security Impact Rating: Medium
CVE: CVE-2018-0297
Wed, 16 May 2018 16:00:00 CDT

Cisco Digital Network Architecture Center Static Credentials Vulnerability

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials.

The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac

Security Impact Rating: Critical
CVE: CVE-2018-0222
Wed, 16 May 2018 16:00:00 CDT

Cisco Digital Network Architecture Center Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Digital%20Network%20Architecture%20Center%20Authentication%20Bypass%20Vulnerability&vs_k=1

A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services.

The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0271 Wed, 16 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2 Cisco WebEx Recording Format Player Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Recording%20Format%20Player%20Information%20Disclosure%20Vulnerability&vs_k=1 <p><p>A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks.</p> <p>The vulnerability is due to a design flaw in Cisco WRF Player. 
An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file.</p></p> <p>There are no workarounds that address this vulnerability.</p> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0288 Tue, 08 May 2018 16:31:01 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FXOS%20and%20NX-OS%20System%20Software%20Authentication,%20Authorization,%20and%20Accounting%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload.<br /> <br /> The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload.<br /> <br /> An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. 
A successful exploit could allow the attacker to cause the affected device to reload.<br /> <br /> Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.<br /> <br /> <strong>Note: </strong>Previous versions of this advisory recommended upgrading the Cisco NX-OS Software Release and configuring the <strong>login block-for</strong> CLI command to prevent this vulnerability. Cisco has since become aware that the <strong>login block-for</strong> CLI command may not function as desired in all cases. This does not apply to Cisco FXOS. Please refer to the <a href="#details">Details</a> section for additional information.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3883 Tue, 08 May 2018 13:55:13 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20File%20Upload%20Servlet%20Path%20Traversal%20and%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files.<br /> <br /> For more information about this vulnerability per Cisco product, see the <a href="#details">Details</a> section of this security advisory.<br /> <br /> Cisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0258 Mon, 07 May 2018 13:53:27 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Smart%20Install%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the Smart Install feature of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service&nbsp;(DoS) condition.<br /> <br /> The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786.<br /> <br /> Cisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.</p> <p>Smart Install client functionality is enabled by default on switches that are running Cisco&nbsp;IOS Software releases that have not been updated to address Cisco bug ID&nbsp;<a href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820">CSCvd36820</a>.</p> <p> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi</a><p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p></p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0156 Thu, 03 May 2018 19:35:41 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Smart%20Install%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in the Smart Install feature of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.<br /> <br /> The vulnerability is due to improper validation of packet data. 
An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:<br /> <ul> <li>Triggering a reload of the device</li> <li>Allowing the attacker to execute arbitrary code on the device</li> <li>Causing an indefinite loop on the affected device that triggers a watchdog crash</li> </ul> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>Smart Install client functionality is enabled by default on switches that are running Cisco&nbsp;IOS Software releases that have not been updated to address Cisco bug ID&nbsp;<a href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820">CSCvd36820</a>.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2</a></p> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. 
For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0171 Thu, 03 May 2018 19:35:38 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 Cisco Wireless LAN Controller 802.11 Management Frame Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20802.11%20Management%20Frame%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.</p> <p>The vulnerability is due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11 management frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition.</p> <p>Cisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos</a></p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0235 Thu, 03 May 2018 17:27:52 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos Cisco Aironet 1800 Series Access Point 802.11 Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%201800%20Series%20Access%20Point%20802.11%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the handling of incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Points (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP.<br /> <br /> The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. 
A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0249 Wed, 02 May 2018 20:34:19 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos Cisco Secure Access Control System Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-acs1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Access%20Control%20System%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 <p>A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level.</p> <p>The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device.</p> <p>Cisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-acs1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-acs1</a></p> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0253 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-acs1 Cisco Wireless LAN Controller IP Fragment Reassembly Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-ip?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20IP%20Fragment%20Reassembly%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-ip">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-ip</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0252 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-ip Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-id?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%205500%20and%208500%20Series%20Wireless%20LAN%20Controller%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited.<br /> <br /> The vulnerability is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker could exploit this vulnerability by sending a malicious URL to the REST API. 
If successful, an exploit could allow the attacker to view sensitive system information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-id">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-id</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0245 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-id Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Advanced%20Recording%20Format%20Player%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 <p>A vulnerability in the Cisco&nbsp;WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.</p> <p>The vulnerability is due to a design flaw in the affected software. An attacker could exploit this vulnerability by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. 
A successful exploit could allow the attacker to execute arbitrary code on the user&rsquo;s system.</p> <p>There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0287 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Advanced%20Recording%20Format%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 <p>A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user.</p> <p>An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user&rsquo;s system.</p> <p>The Cisco WebEx players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be installed automatically when a user accesses a recording file that is hosted on a WebEx server.</p> <p>Cisco has updated affected versions of Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and the Cisco WebEx ARF Player to address this vulnerability. 
There are no workarounds that address this vulnerability.</p> <p> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war</a></p> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0264 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war Cisco Prime Service Catalog User Interface Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Service%20Catalog%20User%20Interface%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p><p>A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface.</p> <p>The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. 
A successful exploit could allow the attacker to deny service to the user interface.</p></p> <p>There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0285 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc Cisco IOS XR Software netconf Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20netconf%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p><div>A vulnerability in the <em>netconf</em> interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system.</div> <p>The vulnerability is due to improper handling of malformed requests processed by the <em>netconf</em> process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. 
An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system.</p></p> There are no workarounds that address this vulnerability.<br /> <p> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr</a><br class="t-last-br" /> </p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0286 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr Cisco Firepower System Software Transport Layer Security Extensions Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20System%20Software%20Transport%20Layer%20Security%20Extensions%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition.<br /> <br /> The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. 
A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition.<br /></p> <p>There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0281 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos Cisco Firepower System Software Cross-Origin Domain Protection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20System%20Software%20Cross-Origin%20Domain%20Protection%20Vulnerability&vs_k=1 <p>A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system.<br /> <br /> The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. 
A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console.</p> <p>There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0278 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos Cisco Firepower System Software Transport Layer Security Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20System%20Software%20Transport%20Layer%20Security%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p><p>A vulnerability in the detection engine of Cisco&nbsp;Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition.</p> <p>The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. 
A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition.</p></p> <p> There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0283 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp Cisco Meeting Server Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meeting%20Server%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system.<br /> <br /> The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system.<br /> <br /> Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation.<br /> <br /> Cisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0262 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx Cisco Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%201810,%201830,%20and%201850%20Series%20Access%20Points%20Point-to-Point%20Tunneling%20Protocol%20Denial%20of%20Service%20Vulnerability&vs_k=1 <p>A vulnerability in the implementation of Point-to-Point Tunneling Protocol&nbsp;(PPTP) functionality in Cisco&nbsp;Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service&nbsp;(DoS) condition.</p> <p>The vulnerability is due to insufficient validation of Generic Routing Encapsulation&nbsp;(GRE) frames that pass through the data plane of an affected access point. An attacker could exploit this vulnerability by initiating a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point and sending a malicious GRE frame through the data plane of the access point. A successful exploit could allow the attacker to cause the NSS core process on the affected access point to crash, which would cause the access point to reload and result in a DoS condition.</p> <p>Cisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp</a> </p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0234 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%20Access%20Points%20Central%20Web%20Authentication%20FlexConnect%20Client%20ACL%20Bypass%20Vulnerability&vs_k=1 A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL).<br /> <br /> The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. 
A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0250 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl Cisco Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-ssh?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%201800,%202800,%20and%203800%20Series%20Access%20Points%20Secure%20Shell%20Privilege%20Escalation%20Vulnerability&vs_k=1 <p>A vulnerability in the assignment and management of default user accounts for Secure Shell&nbsp;(SSH) access to Cisco&nbsp;Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco&nbsp;Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point.</p> <p>The vulnerability exists because the Cisco&nbsp;Mobility Express controller of the affected software configures the default SSH user account for an access point to be the first SSH user account that was created for the Mobility Express controller, if an administrator added user accounts directly to the controller instead of using the default configuration or the SSH username creation wizard. Although the user account has read-only privileges for the Mobility Express controller, the account could have administrative privileges for an associated access point. 
An attacker who has valid user credentials for an affected controller could exploit this vulnerability by using the default SSH user account to authenticate to an affected access point via SSH. A successful exploit could allow the attacker to log in to the affected access point with administrative privileges and perform arbitrary administrative actions.</p> <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-ssh">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-ssh</a></p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0226 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-ssh Cisco Wireless LAN Controller and Aironet Access Points IOS WebAuth Client Authentication Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20and%20Aironet%20Access%20Points%20IOS%20WebAuth%20Client%20Authentication%20Bypass%20Vulnerability&vs_k=1 A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic.<br /> <br /> The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. 
A successful exploit could allow the attacker to bypass authentication and pass traffic.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0247 Wed, 02 May 2018 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth Cisco WebEx Clients Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Clients%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.<br /> <br /> The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (<em>.swf</em>) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user.<br /> <br /> Cisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0112 Wed, 02 May 2018 14:08:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS,%20IOS%20XE,%20and%20IOS%20XR%20Software%20Link%20Layer%20Discovery%20Protocol%20Buffer%20Overflow%20Vulnerabilities&vs_k=1 <p>Multiple vulnerabilities in the Link Layer Discovery Protocol&nbsp;(LLDP) subsystem of Cisco&nbsp;IOS Software, Cisco&nbsp;IOS XE Software, and Cisco&nbsp;IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service&nbsp;(DoS) condition or execute arbitrary code with elevated privileges on an affected device.</p> <p> For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p> <p>Cisco has released software updates that address these vulnerabilities. 
There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp</a></p> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0167,CVE-2018-0175 Wed, 02 May 2018 13:54:25 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Quality%20of%20Service%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in the quality of service&nbsp;(QoS) subsystem of Cisco&nbsp;IOS Software and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service&nbsp;(DoS) condition or execute arbitrary code with elevated privileges.<br /> <br /> The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. 
A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.<br /> <br /> The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are workarounds for most affected Cisco products that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos</a><br /> <p>This advisory is part of the March 28, 2018, release of the Cisco&nbsp;IOS and IOS&nbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. 
For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682">Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2018-0151 Fri, 27 Apr 2018 21:15:15 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Virtual%20Private%20Network%20SSL%20Client%20Certificate%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps.<br /> <br /> The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 
<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2018-0227 Fri, 27 Apr 2018 15:46:52 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1 Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20SPA50x,%20SPA51x,%20and%20SPA52x%20Series%20IP%20Phones%20SIP%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the implementation of Session Initiation Protocol&nbsp;(SIP) functionality in Cisco&nbsp;Small Business SPA50<em>x</em>, SPA51<em>x</em>, and SPA52<em>x</em> Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually.<br /> <br /> Cisco has released firmware updates that address this vulnerability. 
There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12260 Fri, 27 Apr 2018 14:24:47 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1 Cisco Identity Services Engine Shell Access Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Shell%20Access%20Vulnerability&vs_k=1 <p>A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell.</p> <p>The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. 
A successful exploit could allow the attacker to run any system command with root access.</p> <p>There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise</a></p> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2018-0275 Thu, 26 Apr 2018 16:26:06 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20(June%202015)%20Affecting%20Cisco%20Products&vs_k=1 On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research.<br /> <br /> Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory. 
<br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities may be available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2014-8176,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792 Tue, 24 Apr 2018 13:29:05 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl Cisco Wireless LAN Controller Default Simple Network Management Protocol Community Strings https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wlc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20Default%20Simple%20Network%20Management%20Protocol%20Community%20Strings&vs_k=1 With new installations of Cisco Wireless LAN Controller Software, the installation scripts create default communities for Simple Network Management Protocol (SNMP) Version 2 (SNMPv2) and a default username for SNMP Version 3 (SNMPv3), both allowing for <em>read</em> and <em>write</em> access.<br /> <br /> As documented in the <a href="https://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/8-5/82463-wlc-config-best-practice.html#pgfId-379998">Cisco Wireless LAN Controller Configuration Best Practices guide</a>, the SNMP configuration should either be changed or disabled depending on the environmental requirements. If the default communities and username are not changed or disabled, the system is open for <em>read</em> and <em>write</em> access through SNMP. 
<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wlc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wlc</a> <br/>Security Impact Rating: Informational Mon, 23 Apr 2018 21:00:06 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wlc