Cisco Security Advisory https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Cisco Security Advisory Cisco Systems, Inc. 15 Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Customer%20Voice%20Portal%20Operations%20Console%20Privilege%20Escalation%20Vulnerability&vs_k=1 A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges.<br /> <br /> The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain <em>administrator</em> privileges. The attacker must successfully authenticate to the system to exploit this vulnerability.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12214 Fri, 22 Sep 2017 15:36:08 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%201830%20Series%20and%201850%20Series%20Access%20Points%20Mobility%20Express%20Default%20Credential%20Vulnerability&vs_k=1 A vulnerability in Cisco&nbsp;Aironet 1830 Series and Cisco&nbsp;Aironet 1850 Series Access Points running Cisco&nbsp;Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.<br /> <br /> The vulnerability is due to the existence of default credentials for an affected device that is running Cisco&nbsp;Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell&nbsp;(SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-3834 Thu, 21 Sep 2017 16:45:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%201800,%202800,%20and%203800%20Series%20Access%20Points%20Plug-and-Play%20Arbitrary%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with <em>root </em>privileges.<br /> <br /> The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with <em>root </em>privileges on the underlying operating system of the device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-3873 Thu, 21 Sep 2017 16:44:59 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Mobility%20Express%201800%20Access%20Point%20Series%20Authentication%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the web-based GUI of Cisco Mobility&nbsp;Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.<br /> <br /> The vulnerability is due to improper implementation of authentication for accessing&nbsp;certain web pages using the GUI interface. An attacker could exploit this vulnerability&nbsp;by sending a crafted HTTP request to the web interface of the affected system. A successful&nbsp;exploit could allow the attacker to bypass authentication and perform unauthorized configuration&nbsp;changes or issue control commands to the affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-3831 Thu, 21 Sep 2017 16:44:58 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800 Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Apache%20Struts%202%20Remote%20Code%20Execution%20Vulnerability%20Affecting%20Multiple%20Cisco%20Products:%20September%202017&vs_k=1 On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The Apache Software Foundation classifies the vulnerability as a <em>Medium Severity</em> vulnerability. For more information about this vulnerability, refer to the <a href="#details">Details</a> section of this advisory.<br /> <br /> Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by this vulnerability. <br /> <br /> The following Snort rules can be used to detect possible exploitation of this vulnerability: Snort SIDs 44327 through 44330.<br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-12611 Thu, 21 Sep 2017 16:19:36 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Apache%20Struts%202%20Affecting%20Cisco%20Products:%20September%202017&vs_k=1 On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as <em>Critical Severity</em>, one as <em>Medium Severity</em>, and one as <em>Low Severity</em>. For more information about the vulnerabilities, refer to the <a href="#details">Details</a> section of this advisory.<br /> <br /> Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by these vulnerabilities. <br /> <br /> The following Snort rule can be used to detect possible exploitation of this vulnerability: Snort SID 44315. <br /> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-9793,CVE-2017-9804,CVE-2017-9805 Thu, 21 Sep 2017 16:10:41 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Cluster%20Management%20Protocol%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.<br /> <br /> The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:<br /> <ul> <li> The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and</li> <li>The incorrect processing of malformed CMP-specific Telnet options. </li> </ul> An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-3881 Thu, 21 Sep 2017 14:39:41 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Intelligence%20Center%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web framework code of Cisco&nbsp;Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12248 Wed, 20 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic Cisco Wide Area Application Services HTTP Application Optimization Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wide%20Area%20Application%20Services%20HTTP%20Application%20Optimization%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition.<br /> <br /> The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12250 Wed, 20 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-ucs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Central%20Software%20Command%20Line%20Interface%20Restricted%20Shell%20Break%20Vulnerability&vs_k=1 A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access.<br /> <br /> The vulnerability is due to insufficient input validation of commands entered in the CLI. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-ucs">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-ucs</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12255 Wed, 20 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-ucs Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20SPA300,%20SPA500,%20and%20SPA51x%20Series%20IP%20Phones%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12219 Wed, 20 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa Cisco Small Business Managed Switches Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20Managed%20Switches%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6720 Wed, 20 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms Cisco FindIT DLL Preloading Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-findit?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FindIT%20DLL%20Preloading%20Vulnerability&vs_k=1 A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity.<br /> <br /> The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-findit">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-findit</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12252 Wed, 20 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-findit Cisco Email Security Appliance Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device.<br /> <br /> The vulnerability is due to improper input validation of email attachments that contain corrupted fields. An attacker could exploit this vulnerability by sending an email message with an attachment that contains corrupted fields through a targeted device. When the affected software filters the attachment, the filtering process could crash when the system runs out of memory and the process restarts, resulting in a DoS condition. After the filtering process restarts, the software resumes filtering for the same attachment, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a repeated DoS condition.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-12215 Wed, 20 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Intelligence%20Center%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12254 Wed, 20 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2 Cisco Unified Intelligence Center User Interface Cross-Site Request Forgery Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Intelligence%20Center%20User%20Interface%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1 A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions.<br /> <br /> The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12253 Wed, 20 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1 Cisco Email Security Appliance Malformed EML Attachment Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-esa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Email%20Security%20Appliance%20Malformed%20EML%20Attachment%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user.<br /> <br /> The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-esa">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-esa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12218 Mon, 18 Sep 2017 12:40:54 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-esa Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20September%202016&vs_k=1 On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as &ldquo;Critical Severity,&rdquo; one as &ldquo;Moderate Severity,&rdquo; and the other 12 as &ldquo;Low Severity.&rdquo; <br /> <br /> Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as &ldquo;High Severity&rdquo; and the other as &ldquo;Moderate Severity.&rdquo; <br /> <br /> Of the 16 released vulnerabilities:<br /> <ul> <li>Fourteen track issues that could result in a denial of service (DoS) condition</li> <li>One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality</li> <li>One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system</li> </ul> <br /> Five of the 16 vulnerabilities exclusively affect the recently released OpenSSL versions that are part of the 1.1.0 release series, which has not yet been integrated into any Cisco product.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6305,CVE-2016-6306,CVE-2016-6307,CVE-2016-6308,CVE-2016-6309,CVE-2016-7052 Fri, 15 Sep 2017 23:17:49 CDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meeting%20Server%20TURN%20Server%20Unauthorized%20Access%20and%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the Traversal Using Relay NAT&nbsp;(TURN) server included with Cisco&nbsp;Meeting Server&nbsp;(CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system.<br /> <br /> The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of the affected system.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn</a> <br/>Security Impact Rating: Critical <br/>CVE: CVE-2017-12249 Wed, 13 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20Cisco%20IOS%20XE%20Software%20UDP%20Packet%20Processing%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the UDP processing code of Cisco&nbsp;IOS and Cisco&nbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to Cisco&nbsp;IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of <em>0</em> to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets.<br /> <br /> There are workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6627 Thu, 07 Sep 2017 13:35:32 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp Cisco ASR 5500 System Architecture Evolution Gateway GPRS Tunneling Protocol Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%205500%20System%20Architecture%20Evolution%20Gateway%20GPRS%20Tunneling%20Protocol%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the General Packet Radio Service&nbsp;(GPRS) Tunneling Protocol ingress packet handler of Cisco&nbsp;ASR 5500 System Architecture Evolution&nbsp;(SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service&nbsp;(DoS) condition on an affected device.<br /> <br /> The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12217 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr Cisco Unified Communications Manager Trust Verification Service Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Trust%20Verification%20Service%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the Trust Verification Service&nbsp;(TVS) of Cisco&nbsp;Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6791 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm Cisco Yes Set-Top Box Denial of Service vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Yes%20Set-Top%20Box%20Denial%20of%20Service%20vulnerability&vs_k=1 A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> <br /> The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition.<br /> <br /> Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6631 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb Cisco SocialMiner XML External Entity Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SocialMiner%20XML%20External%20Entity%20Injection%20Vulnerability&vs_k=1 A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system.<br /> <br /> The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application.<br /> <br /> Additional information about XXE attacks and potential mitigations can be found at: <a href="https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing">https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing</a><br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12216 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin Cisco IOS and Cisco IOS XE Software IPv6 SNMP Message Handling Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-snmp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20Cisco%20IOS%20XE%20Software%20IPv6%20SNMP%20Message%20Handling%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device.<br /> <br /> The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this vulnerability by polling the affected device IPv6 information. An exploit could allow the attacker to trigger high CPU usage or a reload of the device.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-snmp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-snmp</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12211 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-snmp Cisco Prime LAN Management Solution Session Fixation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-prime-lms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20LAN%20Management%20Solution%20Session%20Fixation%20Vulnerability&vs_k=1 A vulnerability in the web functionality of the Cisco&nbsp;Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session.<br /> <br /> The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-prime-lms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-prime-lms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12225 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-prime-lms Cisco Prime Collaboration Provisioning Tool Inventory Management Feature Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Collaboration%20Provisioning%20Tool%20Inventory%20Management%20Feature%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system.<br /> <br /> The vulnerability is due to insufficient protection of restricted information. An attacker could exploit this vulnerability by accessing unauthorized information via the user interface.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6793 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt1 Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Collaboration%20Provisioning%20Tool%20System%20File%20Overwrite%20Vulnerability&vs_k=1 A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root.<br /> <br /> The vulnerability is due to lack of input validation of the parameters in <em>BatchFileName </em>and <em>Directory</em>. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6792 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt Cisco IR800 Integrated Services Router ROM Monitor Input Validation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IR800%20Integrated%20Services%20Router%20ROM%20Monitor%20Input%20Validation%20Vulnerability&vs_k=1 A vulnerability in the ROM Monitor (ROMMON) code of Cisco&nbsp;IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system.<br /> <br /> The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12223 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr Cisco IoT Field Network Director Memory Exhaustion Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IoT%20Field%20Network%20Director%20Memory%20Exhaustion%20Denial%20of%20Service%20Vulnerability&vs_k=1 A vulnerability in the TCP throttling process for Cisco&nbsp;IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart.<br /> <br /> The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6780 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd Cisco Firepower Management Center Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Management%20Center%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web framework of Cisco&nbsp;Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting&nbsp;(XSS) attack against a user of the web interface of the affected software.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the affected system.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12221 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-2 Cisco Firepower Management Center Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Management%20Center%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. <br /> <br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12220 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-1 Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Intelligence%20Center%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the Cisco&nbsp;Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack.<br /> <br /> The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database.<br /> <br /> There are no workarounds that address this vulnerability. <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6789 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unity%20Connection%20Reflected%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 A vulnerability in the web framework of Cisco&nbsp;Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system.<br /> <br /> The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuc</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12212 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuc Cisco Meeting Server Guest Hyperlink Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meeting%20Server%20Guest%20Hyperlink%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied.<br /> <br /> The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12224 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cms Cisco Emergency Responder Blind SQL Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Emergency%20Responder%20Blind%20SQL%20Injection%20Vulnerability&vs_k=1 A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack.<br /> <br /> The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.<br /> <br /> The following link provides additional information:<br /> <a href="https://www.owasp.org/index.php/SQL_Injection">https://www.owasp.org/index.php/SQL_Injection</a><br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12227 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer Cisco Catalyst 4000 Series Switches Dynamic ACL Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Catalyst%204000%20Series%20Switches%20Dynamic%20ACL%20Bypass%20Vulnerability&vs_k=1 A vulnerability in the dynamic access control list (ACL) feature of Cisco&nbsp;IOS XE Software running on Cisco&nbsp;Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port.<br /> <br /> The vulnerability is due to an uncaught error condition that may occur during the reassignment of the <em>auth-default-ACL</em> dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port.<br /> <br /> There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-12213 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary File Overwrite Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20for%20Cisco%20ASR%20920%20Series%20Routers%20Arbitrary%20File%20Overwrite%20Vulnerability&vs_k=1 A vulnerability in the USB-modem code of Cisco&nbsp;IOS XE Software running on Cisco&nbsp;ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device.<br /> <br /> The vulnerability is due to improper input validation of the <strong>platform usb modem</strong> command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the <strong>platform usb modem</strong> command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-2</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6795 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-2 Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary Command Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20for%20Cisco%20ASR%20920%20Series%20Routers%20Arbitrary%20Command%20Execution%20Vulnerability&vs_k=1 A vulnerability in the USB-modem code of Cisco&nbsp;IOS XE Software running on Cisco&nbsp;ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.<br /> <br /> The vulnerability is due to improper input validation of the <strong>platform usb modem</strong> command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the <strong>platform usb modem</strong> command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6796 Wed, 06 Sep 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-1 Cisco Smart Net Total Care Contracts Details Page SQL Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-sntc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Smart%20Net%20Total%20Care%20Contracts%20Details%20Page%20SQL%20Injection%20Vulnerability&vs_k=1 A vulnerability in the web-based management interface of the Cisco&nbsp;Smart Net Total Care&nbsp;(SNTC) Contracts Details Page could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks.<br /> <br /> The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. An attacker could exploit this vulnerability by submitting crafted URLs, which are designed to exploit the vulnerability, to the affected software. To execute an attack successfully, the attacker would need to submit a number of requests to the affected software. A successful exploit could allow the attacker to determine the presence of values in the SQL database of the affected software.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-sntc">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-sntc</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6754 Thu, 24 Aug 2017 15:30:19 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-sntc Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170823-cms?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meeting%20Server%20Command%20Injection%20and%20Privilege%20Escalation%20Vulnerability&vs_k=1 A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to <em>root</em>. The attacker must first authenticate to the application with valid administrator credentials.<br /> <br /> The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to <em>root</em>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170823-cms">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170823-cms</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6794 Wed, 23 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170823-cms Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Application%20Policy%20Infrastructure%20Controller%20SSH%20Privilege%20Escalation%20Vulnerability&vs_k=1 A vulnerability in Cisco Application Policy Infrastructure Controller (APIC)&nbsp;could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user&nbsp;to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain <em>root</em>-level<em> </em>privileges.<br /> <br /> The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role.<br /> <br /> Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6767 Wed, 16 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1 Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Elastic%20Services%20Controller%20Configuration%20Files%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information.<br /> <br /> The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6772 Wed, 16 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1 Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Virtual%20Network%20Function%20Element%20Manager%20Arbitrary%20Command%20Execution%20Vulnerability&vs_k=1 A vulnerability in the Cisco&nbsp;Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the <em>root </em>user on the server.<br /> <br /> The vulnerability is due to command settings that allow&nbsp;Cisco VNF Element Manager users to specify arbitrary commands that will run as <em>root </em>on the server. An attacker could use this setting to elevate privileges and run commands in the context of the <em>root </em>user on the server.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.&nbsp; <br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6710 Wed, 16 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Security%20Appliances%20SNMP%20Polling%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in SNMP polling for the Cisco&nbsp;Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user.<br /> <br /> The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6783 Wed, 16 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20RV340,%20RV345,%20and%20RV345P%20Dual%20WAN%20Gigabit%20VPN%20Routers%20Information%20Disclosure%20Vulnerability&vs_k=1 A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks.<br /> <br /> The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application.<br /> <br /> Workarounds that address this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6784 Wed, 16 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr Cisco Policy Suite Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Policy%20Suite%20Privilege%20Escalation%20Vulnerability&vs_k=1 A vulnerability in the management of <em>shell</em> user accounts for Cisco&nbsp;Policy Suite&nbsp;(CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the <em>root</em> level.<br /> <br /> The vulnerability is due to incorrect role-based access control&nbsp;(RBAC) for <em>shell</em> user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted.<br /> <br /> To exploit this vulnerability, the attacker must log in to the appliance with valid credentials.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6781 Wed, 16 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps Cisco Prime Infrastructure HTML Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Infrastructure%20HTML%20Injection%20Vulnerability&vs_k=1 A vulnerability in the administrative web interface of Cisco&nbsp;Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application.<br /> <br /> The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code.<br /> <br /> For additional information about HTML injection attacks and potential mitigation methods, see <a href="https://www.owasp.org/index.php/Testing_for_HTML_Injection_(OTG-CLIENT-003)">https://www.owasp.org/index.php/Testing_for_HTML_Injection_(OTG-CLIENT-003)</a>.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6782 Wed, 16 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20AnyConnect%20WebLaunch%20Cross-Site%20Scripting%20Vulnerability&vs_k=1 The WebLaunch functionality of Cisco&nbsp;AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting&nbsp;(XSS) attack against a user of the affected software.<br /> <br /> The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request.<br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw</a> <br/>Security Impact Rating: Medium <br/>CVE: CVE-2017-6788 Wed, 16 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Application%20Policy%20Infrastructure%20Controller%20Custom%20Binary%20Privilege%20Escalation%20Vulnerability&vs_k=1 A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain <em>root</em>-level privileges. <br /> <br /> The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain <em>root</em>-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device.<br /> <br /> Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2</a> <br/>Security Impact Rating: High <br/>CVE: CVE-2017-6768 Wed, 16 Aug 2017 16:00:00 CDT https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2