332 replies to this topic

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vuln
- https://tools.cisco....sa-20160419-ios
2016 Apr 19 v1.0 - "Summary: A vulnerability in the ntp subsystem of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to mobilize ntp associations. The vulnerability is due to missing authorization checks on certain ntp packets. An attacker could exploit this vulnerability by ingressing malicious packets to the ntp daemon. An exploit could allow the attacker to control the time of the affected device. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: The following Cisco products are vulnerable:
 Cisco IOS 15.5(3)M01 and prior
 Cisco IOS XE 3.2.0 to 3.18.0S ...
- http://www.securityt....com/id/1035622
CVE Reference: CVE-2016-1384
Apr 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IOS 15.5(3)M01 and prior; IOS XE 3.2.0 to 3.18.0S ...
The vendor has assigned bug ID CSCux46898 to this vulnerability.
Impact: A remote user can modify the time on the target device.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Wireless LAN Controller HTTP Parsing DoS Vuln
- https://tools.cisco....a-20160420-htrd
2016 Apr 20 v1.0 Critical - "Summary: A vulnerability in the HTTP URL redirect feature of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to cause the device to reload, resulting in a DoS condition, or execute arbitrary code on the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following releases of Cisco WLC Software are vulnerable:
    All 7.2 releases
    All 7.3 releases
    All 7.4 releases prior to 7.4.140.0(MD)
    All 7.5 releases
    All 7.6 releases
    All 8.0 releases prior to 8.0.115.0(ED) ...
- http://www.securityt....com/id/1035633
CVE Reference: CVE-2016-1363
Apr 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.2.x, 7.3.x, 7.4.x prior to 7.4.140.0(MD), 7.5.x, 7.6.x, 8.0.x prior to 8.0.115.0(ED)
The vendor has assigned bug ID CSCus25617 to this vulnerability.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (7.4.140.0(MD), 8.0.115.0(ED), 8.0.132.0)...
___

Cisco Wireless LAN Controller DoS Vuln
- https://tools.cisco....a-20160420-bdos
2016 Apr 20 v1.0 High - "Summary: A vulnerability in the Bonjour task manager of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Bonjour traffic by the affected software. An attacker could exploit this vulnerability by sending crafted Bonjour traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following releases of Cisco WLC Software are vulnerable:
    All 7.4 releases prior to 7.4.130.0(MD)
    All 7.5 releases
    All 7.6 releases
    All 8.0 releases prior to 8.0.110.0(ED) ...
- http://www.securityt....com/id/1035632
CVE Reference: CVE-2016-1364
Apr 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.4.x prior to 7.4.130.0(MD) 7.5.x, 7.6.x, 8.0.x prior to 8.0.110.0(ED)
The vendor has assigned bug ID CSCur66908 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix (7.4.130(MD), 8.0.132.0)...
___

Cisco Wireless LAN Controller Management Interface DoS Vuln
- https://tools.cisco....sa-20160420-wlc
2016 Apr 20 v1.0 High - "Summary: A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) devices running Cisco AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software. An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability...
Vulnerable Products: Cisco WLC devices running the following releases of Cisco AireOS Software are vulnerable:
    Releases 4.1 through 7.4.120.0
    All 7.5 releases
    Release 7.6.100.0 ...
- http://www.securityt....com/id/1035634
CVE Reference: CVE-2016-1362
Apr 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.1 - 7.4.120.0, 7.5.x, 7.6.100.0 ...
The vendor has assigned bug ID CSCun86747 to this vulnerability.
Impact: A remote user can cause the target device to reload.
Solution: The vendor has issued a fix (7.4.130(MD), 7.6.120.0, 8.0.132.0)...
___

Multiple Cisco Products libSRTP DoS Vuln
- https://tools.cisco....0160420-libsrtp
2016 Apr 20 v1.0 High - "Summary: Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP) library (libSRTP), which addresses a denial of service (DoS) vulnerability. Multiple Cisco products incorporate a vulnerable version of the libSRTP library. The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device. The impact of this vulnerability on Cisco products may vary depending on the affected product. Details about the impact on each product are outlined in the "Conditions" section of each Cisco bug for this vulnerability. The bug IDs are listed at the top of this advisory and in the table in "Vulnerable Products"...
- http://www.securityt....com/id/1035637
CVE Reference: CVE-2015-6360
Apr 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5500-X series; prior to versions 8.4.7.31, 9.1.7, 9.2.4.6, 9.3.3.8 ...
The vendor has assigned bug ID CSCux00686 to this vulnerability.
Other Cisco products are affected.
Impact: A remote user can cause the target system to restart.
Solution: The vendor has issued a fix (8.4.7.31, 9.1.7, 9.2.4.6, 9.3.3.8)...
- http://www.securityt....com/id/1035636
CVE Reference: CVE-2015-6360
Apr 20 2016
The vendor has assigned bug ID CSCux04317 to this vulnerability.
Other Cisco products are affected.
Impact: A remote user can cause the target system to restart.
Solution: The vendor has issued a fix (3.14.3S, 3.13.5S, 3.16.2S, 3.10.7S, 3.17.1S, 3.15.3S)...
___

Cisco Adaptive Security Appliance Software DHCPv6 Relay DoS Vuln
- https://tools.cisco....0420-asa-dhcpv6
2016 Apr 20 v1.0 High - "Summary: A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. Cisco ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. The vulnerability is triggered only by IPv6 traffic. This vulnerability affects Cisco ASA Software release 9.4.1 only.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco ASA Software is affected by this vulnerability only if the DHCPv6 relay feature...
- http://www.securityt....com/id/1035635
CVE Reference: CVE-2016-1367
Apr 20 2016  
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.4.1 ...
The vendor has assigned bug ID CSCus23248 to this vulnerability.
Impact: A remote user can cause the target device to reload.
Solution: The vendor has issued a fix (9.4(1.1))...
___

Other Cisco products affected by:

'libSRTP DoS Vuln': https://web.nvd.nist...d=CVE-2015-6360
See 'Vulnerable Products' here:
>> https://tools.cisco....0160420-libsrtp
1. Cisco ASA deprecated the phone proxy feature that uses SRTP as of release 9.4.1.
2. Cisco IOS XE platforms are vulnerable if they are configured to use Cisco Unified Border Element (CUBE) or Session Border Controller (SBC) features to terminate or translate SRTP sessions.

 

> http://www.securityt....com/id/1035648
CVE Reference: CVE-2015-6360
Apr 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
Version(s): 1.x, 2.x
Description: A vulnerability was reported in Cisco WebEx Meetings Server. A remote user can cause denial of service conditions.
The vendor has assigned bug ID CSCux00729 to this vulnerability.
Systems configured for secure teleconferencing and with SRTP teleconferencing encryption enabled are affected.
Impact: A remote user can cause denial of service conditions.
Solution: The vendor plans to issue a fix (2.6.1, 2.7; June 2016)...
> http://www.securityt....com/id/1035649
CVE Reference: CVE-2015-6360
Apr 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Description: A vulnerability was reported in Cisco Jabber. A remote user can cause denial of service conditions.
The vendor has assigned bug ID CSCux00711 to this vulnerability.
Systems configured with EnableNGEPolicy using AEC-GCM encryption are affected.
Impact: A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (11.6)...
> http://www.securityt....com/id/1035650
CVE Reference: CVE-2015-6360
Apr 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
Description: A vulnerability was reported in Cisco Unity Connection. A remote user can cause denial of service conditions.
The vendor has assigned bug ID CSCux35568 to this vulnerability.
Impact: A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (10.5(2)SU3)...
> http://www.securityt....com/id/1035651
CVE Reference: CVE-2015-6360
Apr 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
Description: A vulnerability was reported in Cisco IP Phones. A remote user can cause denial of service conditions.
The vendor has assigned bug IDs CSCux00697, CSCux00707, CSCux00708, CSCux00745, CSCux00742, CSCux00748, CSCux01782, CSCux01786, and CSCux37802 to this vulnerability...
Impact: A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix.
A patch matrix is available in the vendor advisory...
> http://www.securityt....com/id/1035652
CVE Reference: CVE-2015-6360
Apr 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
Description: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can cause denial of service conditions.
The vendor has assigned bug ID CSCux00716 to this vulnerability.
Systems configured with SRTP are affected.
Impact: A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (10.5(2)SU3)...
___

- https://www.us-cert....ecurity-Updates
April 20, 2016
 

Edited by AplusWebMaster, 21 April 2016 - 01:44 PM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vuln
- https://tools.cisco....a-20160428-apic
2016 Apr 28 v1.0 - "Summary: A vulnerability in the application programming interface (API) of Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to create false system notifications for administrators. The vulnerability is due to insufficient protection of API functions. An attacker could exploit this vulnerability by sending modified attribute-value pairs back to the affected system. An exploit could allow the attacker to trick an administrative user into performing a malicious task on behalf of the attacker. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco APIC-EM release 1.0(1) is vulnerable...
- http://www.securityt....com/id/1035702
CVE Reference: CVE-2016-1386
Apr 28 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): APIC-EM 1.0(1) ...
The vendor has assigned bug ID CSCux15521 to this vulnerability.
Impact: A remote user can cause false system notifications to be issued to administrators.
Solution: The vendor has issued a fix...
___

Cisco WebEx Meetings Server Open Redirect Vuln
- https://tools.cisco....a-20160428-cwms
2016 Apr 28 v1.0 - "Summary: A vulnerability in the Cisco WebEx Meetings Server (CWMS) web interface could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. This vulnerability is known as an "Open Redirect Attack" and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco WebEx Meetings Server release 2.6 is vulnerable...
- http://www.securityt....com/id/1035703
CVE Reference: CVE-2016-1389
Apr 28 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.6 ...
The vendor has assigned bug ID CSCuy44695 to this vulnerability.
Impact: A remote user can cause the target user's browser to be redirected to an arbitrary web site.
Solution: The vendor has issued a fix...
___

Cisco Information Server XML Parser DoS Vuln
- https://tools.cisco....sa-20160428-cis
2016 Apr 28 v1.0 - "Summary: A vulnerability in the default configuration of the XML parser component of Cisco Information Server (CIS) could allow an unauthenticated, remote attacker to access sensitive data or cause excessive consumption of system resources, which could cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper handling of XML External Entities (XXE) by the affected software when the software parses XML files. An attacker could exploit this vulnerability by submitting a crafted XML header to the CIS web framework of an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Information Server Release 6.2...
___

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products
- https://tools.cisco....a-20160428-ntpd
Apr 29, 2016 v1.1 - "Summary: Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server. On April 26, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details 11 issues regarding DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a system's time. Two of the vulnerabilities disclosed in the NTP security notice address issues that were previously disclosed without a complete fix. The new vulnerabilities disclosed in this document are as follows:
• CVE-2016-1547: Network Time Protocol CRYPTO-NAK Denial of Service Vulnerability
• CVE-2016-1548: Network Time Protocol Interleave-Pivot Denial of Service Vulnerability
• CVE-2016-1549: Network Time Protocol Sybil Ephemeral Association Attack Vulnerability
• CVE-2016-1550: Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks
• CVE-2016-1551: Network Time Protocol Refclock Impersonation Vulnerability
• CVE-2016-2516: Network Time Protocol Duplicate IPs on Unconfig Directives Will Cause an Assertion Botch in ntpd
• CVE-2016-2517: Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated
• CVE-2016-2518: Network Time Protocol Crafted addpeer Causes Array Wraparound with MATCH_ASSOC
• CVE-2016-2519: Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked
The two vulnerabilities that were were previously disclosed without a complete fix are as follows:
• CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass
• CVE-2015-7704: Network Time Protocol Packet Processing Denial of Service Vulnerability
Those vulnerabilities were disclosed by Cisco in the following Cisco Security Advisories:
• Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
> https://tools.cisco....sa-20151021-ntp
• Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016
> https://tools.cisco....a-20160127-ntpd
Additional details about each vulnerability are in the NTP Consortium Security Notice*.
Cisco will release software updates that address these vulnerabilities.
Workarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product...
* http://support.ntp.o..._2_8p7_Security
 

Edited by AplusWebMaster, 29 April 2016 - 11:42 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco TelePresence XML Application Programming Interface Authentication Bypass Vuln
- https://tools.cisco....-20160504-tpxml
2016 May 4 v1.0 Critical - "Summary: A vulnerability in the XML application programming interface (API) of Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to bypass authentication and access a targeted system through the API. The vulnerability is due to improper implementation of authentication mechanisms for the XML API of the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the XML API. A successful exploit could allow the attacker to perform unauthorized configuration changes or issue control commands to the affected system by using the API.    Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability...
Vulnerable Products: This vulnerability affects Cisco TelePresence Software releases TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, and CE 8.1.0 running on the following Cisco products:
    TelePresence EX Series
    TelePresence Integrator C Series
    TelePresence MX Series
    TelePresence Profile Series
    TelePresence SX Series
    TelePresence SX Quick Set Series
    TelePresence VX Clinical Assistant
    TelePresence VX Tactical
Determining the Cisco TelePresence Software Release: To determine which Cisco TelePresence Software release is running on a Cisco product, administrators can check the system information on the local touch control device or on-screen via the infrared (IR) remote controller. Administrators can also determine which software release is running by logging in to the web interface and using the http(s) ://<system-ip> command or, via the external API (xAPI) with the SSH protocol, using the ssh admin@ <system-ip> command. After logging in to the web interface, the welcome text displays information about the software release that is running on the device...
- http://www.securityt....com/id/1035744
CVE Reference: CVE-2016-1387
May 4 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): TC 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5; CE 8.0.0, 8.0.1, 8.1.0
The vendor has assigned bug ID CSCuz26935 to this vulnerability.
Impact: A remote user can modify the configuration or execute control commands.
Solution: The vendor has issued a fix (TC 7.3.6; CE 8.1.1)...
___

Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging DoS Vuln
- https://tools.cisco....20160504-fpkern
2016 May 4 v1.0 High - "Summary: A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain IP packets. An attacker could exploit this vulnerability by sending a flood of specially crafted IP packets to the affected device. An exploit could allow the attacker to cause the Cisco FirePOWER module to cease inspecting traffic or go offline. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: All versions of Firepower System Software for the ASA 5585-X FirePOWER SSP modules are affected by this vulnerability. The vulnerability does not depend on the software configuration.
Determining the ASA 5585-X FirePOWER SSP Software Version: To determine the running version, issue the show version command from the command-line interface, which an administrator can access via the serial console, an SSH session to the management interface, or a session opened from the parent ASA 5585-X FirePOWER SSP module using the session command...
- http://www.securityt....com/id/1035743
CVE Reference: CVE-2016-1369
May 4 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ASA 5585-X FirePOWER SSP modules ...
The vendor has assigned bug ID CSCux19922 to this vulnerability.
Impact: A remote user can cause the target Cisco FirePOWER module to stop inspecting traffic or to go offline.
Solution: The vendor has issued a fix...
___

Cisco FirePOWER System Software Packet Processing DoS Vuln
- https://tools.cisco....60504-firepower
2016 May 4 v1.0 High - "Summary: A vulnerability in the packet processing functions of Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper packet handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco FirePOWER System Software releases 5.3.0 through 5.3.0.6 and 5.4.0 through 5.4.0.3 when running on the following Cisco products:
    Cisco FirePOWER 7000 Series Appliances
    Cisco FirePOWER 8000 Series Appliances
    Cisco Advanced Malware Protection (AMP) for Networks running on Cisco FirePOWER 7000 Series Appliances
    Cisco Advanced Malware Protection (AMP) for Networks running on Cisco FirePOWER 8000 Series Appliances ...
___

Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vuln
- https://tools.cisco....0160504-finesse
2016 May 4 v1.0 - "Summary: A vulnerability in the web interface of Cisco Finesse could allow an unauthenticated, remote attacker to trigger the Finesse server to perform an HTTP request to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the Finesse application programming interface (API) for gadgets integration. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the Finesse server. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: The following Cisco Finesse versions are affected:
    8.5(1) through 8.5(5)
    8.6(1)
    9.0(1) and 9.0(2)
    9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, and 9.1(1)ES1 through 9.1(1)ES5
    10.0(1), 10.0(1)SU1, and 10.0(1)SU1.1
    10.5(1), 10.5(1)ES1 through 10.5(1)ES4
    10.5(1)SU1, 10.5(1)SU1.1, and 10.5(1)SU1.7
    10.6(1), 10.6(1)SU1, and 10.6(1)SU2
    11.0(1) ...
- http://www.securityt....com/id/1035756
CVE Reference: CVE-2016-1373
May 6 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.5(1) - 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 - 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 - 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, 11.0(1)
The vendor has assigned bug ID CSCuw86623 to this vulnerability.
Impact: A remote user can cause the target system to connect to arbitrary hosts.
Solution: The vendor has issued a fix...
___

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
- https://tools.cisco....0160504-openssl
2016 May 4 v1.0 - "Summary: On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Out of the six vulnerabilities disclosed, four of them may cause a memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities. This advisory will be updated as additional information becomes available...
Affected Products: Cisco is currently investigating its product line to determine which products may be affected by these vulnerabilities and the impact on each affected product. As the investigation progresses, this document will be updated to include Cisco bug IDs for each affected product. The bugs will be accessible through the Cisco Bug Search Tool* and will contain additional platform-specific information, including workarounds (if available) and fixed software versions...
* https://tools.cisco....earch/bug/BUGID
___

Cisco Prime Collaboration Assurance Open Redirect Vuln
- https://tools.cisco....sa-20160503-pca
2016 May 3 v1.0 - "Summary: A vulnerability in the web interface of Cisco Prime Collaboration Assurance Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters by the affected software. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the web interface of the affected software, which could cause the web interface to redirect the request to a malicious web page at a specified URL. This vulnerability is referred to as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. Cisco has released software updates that address this vulnerability. There are now workarounds that address this vulnerability...
Vulnerable Products: Cisco Prime Collaboration Assurance Software releases 10.5 to 11.0 are vulnerable...
- http://www.securityt....com/id/1035736
CVE Reference: CVE-2016-1392
May 4 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Assurance 10.5 - 11.0 ...
The vendor has assigned bug ID CSCuu34121 to this vulnerability.
Impact: A remote user can cause the target user's browser to be redirected to an arbitrary web site.
Solution: The vendor has issued a fix...
___

- https://www.us-cert....ecurity-Updates
May 04, 2016
 

Edited by AplusWebMaster, 06 May 2016 - 04:18 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Web Security Appliance HTTP POST DoS Vuln
- https://tools.cisco....a-20160518-wsa1
2016 May 18 v1.0 High - "Summary: A vulnerability that occurs when parsing an HTTP POST request with Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process becoming unresponsive. The vulnerability is due to a lack of proper input validation of the packets that make up the HTTP POST request. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the affected device. An exploit could allow the attacker to cause a DoS condition due to the proxy process becoming unresponsive and the WSA reloading. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco AsyncOS versions for Cisco WSA on both virtual and hardware appliances. See the "Fixed Software" section of this security advisory for additional information about the affected software versions. To determine whether a vulnerable version of Cisco AsyncOS Software is running on a Cisco WSA, administrators can use the version command in the WSA command-line interface (CLI). The following example shows the results for an appliance running Cisco AsyncOS Software version 8.5.3-051:
ciscowsa> version
Current Version
Product: Cisco IronPort S670 Web Security Appliance
Model: S670
Version: 8.5.3-051 ...
> http://www.securityt....com/id/1035908
CVE Reference: CVE-2016-1380
May 18 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug ID CSCuo12171 to this vulnerability.
Impact: A remote user can cause the target proxy process to become unresponsive and the system to reload.
Solution: The vendor has issued a fix...
___

Cisco Web Security Appliance Cached Range Request DoS Vuln
- https://tools.cisco....a-20160518-wsa2
2016 May 18 v1.0 High - "Summary: A vulnerability in the cached file-range request functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance due to the appliance running out of system memory. The vulnerability is due to a failure to free memory when a file range for cached content is requested through the WSA. An attacker could exploit this vulnerability by opening multiple connections that request file ranges through the affected device. A successful exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is used and not freed. Cisco has released software updates that address this vulnerability. A workaround that addresses this vulnerability is also available...
Vulnerable Products: This vulnerability affects Cisco AsyncOS versions for Cisco WSA on both virtual and hardware appliances. See the "Fixed Software" section of this security advisory for additional information about the affected software versions. To determine whether a vulnerable version of Cisco AsyncOS Software is running on a Cisco WSA, administrators can use the version command in the WSA command-line interface (CLI). The following example shows the results for an appliance running Cisco AsyncOS Software version 8.5.3-051:
ciscowsa> version
Current Version
Product: Cisco IronPort S670 Web Security Appliance
Model: S670
Version: 8.5.3-051 ...
- http://www.securityt....com/id/1035909
CVE Reference: CVE-2016-1381
May 18 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.5, 8.6, 8.7, 8.8, 9.x prior to 9.0.1-162 ...
The vendor has assigned bug ID CSCuw97270 to this vulnerability.
Impact: A remote user can cause the target system to stop processing traffic.
Solution: The vendor has issued a fix (9.0.1-162)...
___

Cisco Web Security Appliance HTTP Length DoS Vuln
- https://tools.cisco....a-20160518-wsa3
2016 May 18 v1.0 High - "Summary: A vulnerability in HTTP request parsing in Cisco AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the proxy process unexpectedly restarts. The vulnerability occurs because the affected software does not properly allocate space for the HTTP header and any expected HTTP payload. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition when the proxy process unexpectedly reloads, which can cause traffic to be dropped. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco AsyncOS versions for Cisco WSA on both virtual and hardware appliances. See the "Fixed Software" section of this security advisory for additional information about the affected software versions. To determine whether a vulnerable version of Cisco AsyncOS Software is running on a Cisco WSA, administrators can use the version command in the WSA command-line interface (CLI). The following example shows the results for an appliance running Cisco AsyncOS Software version 8.5.3-051:
ciscowsa> version
Current Version
Product: Cisco IronPort S670 Web Security Appliance
Model: S670
Version: 8.5.3-051 ...
- http://www.securityt....com/id/1035910
CVE Reference: CVE-2016-1382
May 18 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.7, 8.0, 8.5 prior to 8.5.3-069, 8.6, 8.7, 8.8 ...
The vendor has assigned bug ID CSCuu02529 to this vulnerability.
Impact: A remote user can cause the target proxy process to restart and the system to drop traffic.
Solution: The vendor has issued a fix (8.5.3-069, 9.0.1-162)...
___

Cisco Web Security Appliance Connection DoS Vuln
- https://tools.cisco....a-20160518-wsa4
2016 May 18 v1.0 High - "Summary: A vulnerability in Cisco AsyncOS for the Cisco Web Security Appliance (WSA) when the software handles a specific HTTP response code could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance because the appliance runs out of system memory. The vulnerability occurs because the software does not free client and server connection memory and system file descriptors when a certain HTTP response code is received in the HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition because the appliance runs out of system memory. When this happens, the device can no longer accept new incoming connection requests. Cisco has released software updates that address this vulnerability. A workaround that addresses this vulnerability is also available...
Vulnerable Products: This vulnerability affects Cisco AsyncOS versions for Cisco WSA on both virtual and hardware appliances. See the "Fixed Software" section of this security advisory for additional information about the affected software versions. To determine whether a vulnerable version of Cisco AsyncOS Software is running on a Cisco WSA, administrators can use the version command in the WSA command-line interface (CLI). The following example shows the results for an appliance running Cisco AsyncOS Software version 8.5.3-051:
ciscowsa> version
Current Version
Product: Cisco IronPort S670 Web Security Appliance
Model: S670
Version: 8.5.3-051 ...
- http://www.securityt....com/id/1035911
CVE Reference: CVE-2016-1383
May 18 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.7 and prior, 8.0, 8.5, 8.6, 8.7, 8.8 ...
The vendor has assigned bug ID CSCur28305 to this vulnerability.
Impact: A remote user can consume excessive memory resources on the target system and prevent future incoming connections.
Solution: The vendor has issued a fix (9.0.1-162)...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Unified Computing System Central Cross-Site Scripting Vuln
- https://tools.cisco....sa-20160517-ucs
2016 May 18 v1.1 - "Summary: A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco UCS Central Software Release 1.4(1a) is vulnerable...
- http://www.securityt....com/id/1035933
CVE Reference: CVE-2016-1401
May 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.4(1a) ...
The vendor has assigned bug ID CSCuy91250 to this vulnerability...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Cisco Unified Computing System interface, access data recently submitted by the target user via web form to the interface, or take actions on the interface acting as the target user.
Solution: The vendor has issued a fix...
___

Cisco IOS XR LPTS DoS Vuln
- https://tools.cisco....20160519-ios-xr
2016 May 20 v1.1 - "Summary: A vulnerability in the Local Packet Transport Services (LPTS) network stack of Cisco IOS XR for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform. The vulnerability is due to improper handling of flow base entries by LPTS. This can cause too many known entries for a protocol to be created, causing existing or new sessions to be dropped. An attacker could exploit this vulnerability by sending continuous connection attempts to the open TCP ports to cause an exhaustion of services. An exploit could allow the attacker to cause a limited DoS condition on an affected platform. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: This is a day-zero issue and -all- releases prior to the fix are vulnerable...
- http://www.securityt....com/id/1035934
CVE Reference: CVE-2016-1407
May 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9000 Series; Release 5.3.1 ...
The vendor has assigned bug ID CSCux95576 to this vulnerability.
Impact: A remote user can cause existing or new sessions on the target system to be dropped.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vuln
- https://tools.cisco....0160523-pi-epnm
2016 May 23 v1.0 - "Summary: A vulnerability in the application programming interface (API) web interface of the Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, remote attacker to perform privilege escalation on the affected device. The attacker can escalate privileges to the root level in most cases. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests a web page or service that should be restricted. An attacker could exploit this vulnerability by performing reconnaissance attacks to the application web pages and services to identify potential devices of interest. The attacker could then craft an HTTP request with a crafted JavaScript Object Notation (JSON) payload to request the targeted sensitive data. An exploit could allow the attacker to perform privilege escalation on the applications to the root level and access unauthorized data. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Cisco Bug IDs: CSCuy12409, CSCuy12511
Vulnerable Products: The following Cisco products are affected:
- Cisco Prime Infrastructure prior to version 3.1
- Cisco Evolved Programmable Network Manager prior to version 1.2.4 ...
___

Cisco Adaptive Security Appliance XML Parser DoS Vuln
- https://tools.cisco....0160517-asa-xml
2016 May 17 v1.0 - "Summary: A vulnerability in XML parser code of Cisco Adaptive Security Appliance Software could allow an authenticated, remote attacker to cause system instability or a reload of the affected system. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: All Cisco Adaptive Security Appliance releases are affected by this vulnerability...
- http://www.securityt....com/id/1035976
CVE Reference: CVE-2016-1385
May 27 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0; 9.1, 9.2, 9.3, 9.4, 9.5 ...
The vendor has assigned bug ID CSCut14209 to this vulnerability.
Impact: A remote authenticated user can cause denial of service conditions on the target system.
Solution: The vendor has issued a fix (9.1(7.6), 9.2(4.8), 9.3(3.8), 9.4(2.6), 9.5(2.6))...
 

Edited by AplusWebMaster, 31 May 2016 - 04:42 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco ESA and WSA AMP ClamAV DoS Vuln
- https://tools.cisco....0160531-wsa-esa
2016 May 31 v1.0 - "Summary: A vulnerability in the Clam AntiVirus (ClamAV) software that is used by Cisco Advance Malware Protection (AMP) for Cisco Email Security Appliances (ESAs) and Cisco Web Security Appliances (WSAs) could allow an unauthenticated, remote attacker to cause the AMP process to restart. The vulnerability is due to improper parsing of input files by the libclamav library. An attacker could exploit this vulnerability by sending a crafted document that triggers a scan from the AMP ClamAV library on an affected system. A successful exploit could allow the attacker to cause the AMP process to restart. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following Cisco products if they are running an affected software release:
    Clam AntiVirus (ClamAV)
    Email Security Appliance (ESA)
    Web Security Appliance (WSA) ...
This vulnerability is addressed in the following Cisco AsyncOS Software releases:
    9.7.0-125 and later for Cisco ESA
    9.0.1-135 and later for Cisco WSA
    9.1.1-041 and later for Cisco WSA ...
- http://www.securityt....com/id/1035993
CVE Reference: https://cve.mitre.or...e=CVE-2016-1405
May 31 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
Description: A vulnerability was reported in Cisco -Email- Security Appliance. A remote user can cause the target service to crash.
A remote user can send a specially crafted file that will cause the target Cisco Advance Malware Protection (AMP) process to restart.
The vulnerability resides in the Clam AntiVirus (ClamAV) component.
The vendor has assigned bug IDs CSCuv78533 and CSCuw60503 to this vulnerability.
Impact: A remote user can cause the target antivirus to restart.
Solution: The vendor has issued a fix (9.7.0-125)...

- http://www.securityt....com/id/1035994
Description: A vulnerability was reported in Cisco -Web- Security Appliance. A remote user can cause the target service to crash.
A remote user can send a specially crafted file that will cause the target Cisco Advance Malware Protection (AMP) process to restart.
The vulnerability resides in the Clam AntiVirus (ClamAV) component.
The vendor has assigned bug IDs CSCuv78533 and CSCuw60503 to this vulnerability.
Impact: A remote user can cause the target antivirus to restart.
Solution: The vendor has issued a fix (9.0.1-135, 9.1.1-041)...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vuln
- https://tools.cisco....-20160601-prime
2016 June 1 v1.0 HIGH - "Summary: A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products:
Cisco Prime Network Analysis Module (NAM) running any 6.2 software release prior to Release 6.2(1)
Cisco Prime Network Analysis Module (NAM) running software releases 6.1(1) and prior if the final security patch for platforms running NAM 6.1(1) software (nam-security-patch.6.1-2-final) has not been applied
Cisco Prime Virtual Network Analysis Module (vNAM) running any 6.2 software release prior to Release 6.2(1)
Cisco Prime Virtual Network Analysis Module (vNAM) running software releases 6.1(1) and prior if the final security patch for platforms running NAM (nam-security-patch.6.1-2-final) has not been applied...
- http://www.securityt....com/id/1036013
CVE Reference: CVE-2016-1388
Jun 1 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.2(1) ...
The vendor has assigned bug ID CSCuy21882 to this vulnerability.
Impact: A remote user can execute arbitrary commands on the target system.
Solution: The vendor has issued a fix (nam-security-patch.6.1-2-final.i386.rpm, 6.2(1))...
___

Cisco Prime Network Analysis Module IPv6 DoS Vuln
- https://tools.cisco....20160601-prime3
2016 June 1 v1.0 HIGH - "Summary: A vulnerability in the IPv6 packet decode function of the Cisco Network Analysis Module (NAM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an improper calculation of the IPv6 payload length of certain IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets on the network where the NAM is collecting and monitoring traffic. An exploit could allow the attacker to cause a DoS condition and the NAM could cease to collect and monitor traffic for a short time. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco Prime NAM software versions prior to release 6.2(1- 1b ) ...
- http://www.securityt....com/id/1036016
CVE Reference: CVE-2016-1370
Jun 1 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
The vendor has assigned bug ID CSCuy37324 to this vulnerability.
Impact: A remote user can cause the target 'mond' process to crash and fail to monitor traffic until restarted.
Solution: The vendor has issued a fix (6.2(1- 1b ) ...
___

Cisco Prime Network Analysis Module Local Command Injection Vuln
- https://tools.cisco....20160601-prime1
2016 June 1 v1.0 - "Summary: A vulnerability in the command-line interface (CLI) of Cisco Prime Network Analysis Module (NAM) and Cisco Prime Virtual Network Analysis Module (vNAM) could allow a local, authenticated attacker to execute arbitrary commands on the host operating system with elevated privileges. The vulnerability is due to insufficient sanitization of user-supplied input that is passed to a specific command before the input is used in subsequent operations. An attacker could exploit this vulnerability by submitting crafted input to the command. A successful exploit could allow the attacker to execute arbitrary commands on the host operating system with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following Cisco products are affected by this vulnerability:
Cisco Prime Network Analysis Module (NAM) releases 6.2 and prior
Cisco Prime Network Analysis Module (NAM) releases 6.1(1) and prior if the final security patch (nam-security-patch.6.1-2-final) has not been applied
Cisco Prime Virtual Network Analysis Module (vNAM) releases 6.2 and prior
Cisco Prime Virtual Network Analysis Module (vNAM) releases 6.1(1) and prior if the final security patch (nam-security-patch.6.1-2-final) has not been applied...
- http://www.securityt....com/id/1036015
CVE Reference: CVE-2016-1390
Jun 1 2016
The vendor has assigned bug ID CSCuy21892 to this vulnerability.
Impact: A local user can obtain root privileges on the target system.
Solution: The vendor has issued a fix (nam-security-patch.6.1-2-final.i386.rpm, 6.2(1))...
___

Cisco Prime Network Analysis Module Authenticated Remote Code Execution Vuln
- https://tools.cisco....20160601-prime2
2016 June 1 v1.0 - "Summary: A vulnerability in the web interface of Cisco Prime Network Analysis Module (NAM) and Cisco Prime Virtual Network Analysis Module (vNAM) could allow an authenticated, remote attacker to execute arbitrary commands or code on the host operating system with the privileges of the web server. The vulnerability is due to insufficient sanitization of user-supplied input before the input is used in subsequent operations. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary commands or code on the host operating system with the reduced privileges of the web server. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following Cisco products are affected by this vulnerability:
Cisco Prime Network Analysis Module (NAM) releases 6.2(1b) and prior
Cisco Prime Network Analysis Module (NAM) releases 6.1(1) and prior if the final security patch (nam-security-patch.6.1-2-final) has not been applied
Cisco Prime Virtual Network Analysis Module (vNAM) releases 6.2(1b) and prior
Cisco Prime Virtual Network Analysis Module (vNAM) releases 6.1(1) and prior if the final security patch (nam-security-patch.6.1-2-final) has not been applied...
- http://www.securityt....com/id/1036014
CVE Reference: CVE-2016-1391
Jun 1 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
The vendor has assigned bug ID CSCuy21889 to this vulnerability.
Impact: A remote authenticated user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (nam-security-patch.6.1-2-final, 6.2(1b))...
___

- https://www.us-cert....ecurity-Updates
June 01, 2016
 

Edited by AplusWebMaster, 02 June 2016 - 07:05 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vuln
- https://tools.cisco....sa-20160606-aap
2016 June 6 v1.0 - "Summary: A vulnerability in the command-line interpreter of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an authenticated, local attacker to inject commands in the Linux shell. The commands could be executed with root-level privileges. The vulnerability is due to improper sanitization of user-supplied input for parameters of command-line interface (CLI) commands. An attacker could exploit this vulnerability by authenticating to the affected device and executing a subset of CLI commands with crafted input for those parameters. A successful exploit could allow the attacker to execute Linux shell commands with root-level privileges on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following Cisco Aironet Access Points running Cisco Aironet Access Point Software Release 8.2(100.0) are vulnerable:
    Aironet 1830e Access Point
    Aironet 1830i Access Point
    Aironet 1850e Access Point
    Aironet 1850i Access Point
    Aironet 2800 Series Access Points
    Aironet 3800 Series Access Points ...
- http://www.securityt....com/id/1036042
CVE Reference: CVE-2016-1418
Jun 7 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.2(100.0) ...
The vendor has assigned bug ID CSCuy64037 to this vulnerability.
Impact: A local user can obtain root privileges on the target system.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vuln
- https://tools.cisco....sa-20160616-pnr
2016 June 16 v1.0 - "Summary: A vulnerability in the System Configuration Protocol (SCP) core messaging interface of the Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to lack of proper authentication controls for SCP messages. An attacker could exploit this vulnerability by sending specific SCP protocol messages to the targeted application. An exploit could allow the attacker to learn sensitive information about the application. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: The following Cisco Prime Network Registrar versions are vulnerable:
    Cisco Prime Network Registrar 8.2 versions prior to 8.2.3.1
    Cisco Prime Network Registrar 8.3 versions prior to 8.3.2 ...
- http://www.securityt....com/id/1036128
CVE Reference: CVE-2016-1427
Jun 18 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.2.x prior to 8.2.3.1, 8.3.x prior to 8.3.2 ...
The vendor has assigned bug ID CSCuv35694 to this vulnerability.
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (8.2.3.1, 8.3.2)...
___

Cisco IOS Software Link Layer Discovery Protocol Processing Code DoS Vuln
- https://tools.cisco....a-20160616-ios1
2016 June 17 v1.0 - "Summary: A vulnerability in the Link Layer Discovery Protocol (LLDP) packet processing code of Cisco IOS could allow an unauthenticated, adjacent attacker to cause the crash of an affected device. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this vulnerability by sending a specially crafted LLDP packet. An exploit could allow the attacker to cause a Denial of Service (DoS) condition on an affected platform. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following Cisco IOS Software versions are affected:
    15.0(2)SG5
    15.1(2)SG3
    15.2(1)E
    15.3(3)S
    15.4(1.13)S ...
- http://www.securityt....com/id/1036129
CVE Reference: CVE-2016-1425
Jun 18 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, 15.4(1.13)S, 15.2(1)T1.11, 15.2(2)TST ...
The vendor has assigned bug ID CSCun66735 to this vulnerability for 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S.
The vendor has assigned bug ID CSCun63132 to this vulnerability for 15.2(1)T1.11 and 15.2(2)TST.
Impact: A remote user on the local network can cause the target device to crash.
Solution: The vendor has issued a fix...
The vendor's advisories are available at:
> https://tools.cisco....sa-20160616-ios
> https://tools.cisco....a-20160616-ios1
___

Cisco cBR-8 Series Converged Broadband Router SNMP DoS Vuln
- https://tools.cisco....sa-20160617-cbr
2016 June 17 v1.0 - "Summary: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software running on Cisco cBR-8 Series Converged Broadband Routers could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists because the affected platform does not properly trap SNMP read requests for a specific object ID that is not supported by the platform. When such a request is processed, the SNMP process may attempt to reference a pointer with a NULL value. To exploit this vulnerability, an attacker who can authenticate to an affected device may submit a specific, valid SNMP request. A successful exploit will cause the supervisor card that serviced the request to restart, due to an attempt to access an invalid memory region, and result in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco cBR-8 Series Converged Broadband Routers that are running Cisco IOS XE Software Release 3.15S or 3.16S prior to the first fixed software release...
Cisco Bug IDs: CSCuu68862 ...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco IOS XE Software SNMP Subsystem Dos Vuln
- https://tools.cisco....-20160620-iosxe
2016 June 20 v1.0 - "Summary: A vulnerability in the SNMP subsystem of Cisco IOS XE software could allow an authenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to an attempt to double free a region of memory when processing a series of SNMP read requests that contains certain criteria for a specific object ID (OID). An attacker who can authenticate to an affected device may submit a series of valid but specially formed SNMP requests designed to trigger the vulnerability. Successful exploitation will cause the device to restart because of an attempt to access an invalid memory region. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: Cisco IOS XE Software versions 3.15S, 3.16S, and 3.17S before the first fixed version are vulnerable...
- http://www.securityt....com/id/1036140
CVE Reference: CVE-2016-1428
Jun 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IOS XE; 3.15S, 3.16S, 3.17S ...
The vendor has assigned bug ID CSCux13174 to this vulnerability.
Impact: A remote authenticated user can cause the target device to restart.
Solution: The vendor has issued a fix...
___

Cisco 8800 Series IP Phone Directory Traversal Vuln
- https://tools.cisco....160620-ip-phone
2016 June 20 v1.0 - "Summary: A vulnerability in the license upload interface of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to delete arbitrary files from the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading invalid files to an affected device via the certificate upload interface for the device. A successful exploit could allow the attacker to delete files in arbitrary locations on the filesystem. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco 8800 Series IP Phones running software Release 11.0(1)...
- http://www.securityt....com/id/1036139
CVE Reference: CVE-2016-1434
Jun 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8800 Series IP Phones, Release 11.0(1) ...
The vendor has assigned bug ID CSCuz03010 to this vulnerability.
Impact: A remote authenticated user can delete files on the target system.
Solution: The vendor has issued a fix...
___

Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vuln
- https://tools.cisco....sa-20160620-ipp
2016 June 20 v1.0 - "Summary: A vulnerability in the mounted filesystem of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to access any file, including the right to change the file mode, on a targeted device. The vulnerability is due to insufficient enforcement of filesystem permissions. An attacker could exploit this vulnerability by leveraging another exploit that allows the attacker to gain access to an unprivileged shell. A successful exploit could allow the attacker to modify or replace existing system files with malicious files. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco 8800 Series IP Phones running software Release 11.0(1)...
- http://www.securityt....com/id/1036138
CVE Reference: CVE-2016-1435
Jun 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8800 Series IP Phones, Release 11.0(1) ...
The vendor has assigned bug ID CSCuz03014 to this vulnerability.
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Prime Collaboration Deployment SQL Injection Vuln
- https://tools.cisco....sa-20160621-pcd
2016 June 21 v1.0 - "Summary: A vulnerability in the interface of the Cisco Prime Collaboration Deployment SQL database could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation for user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database... Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Prime Collaboration Deployment software releases prior to Release 11.5.1...
- http://www.securityt....com/id/1036151
CVE Reference: CVE-2016-1437
Jun 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Version(s): prior to 11.5.1 ...
The vendor has assigned bug ID CSCuy92549 to this vulnerability.
Impact: A remote user can execute SQL commands on the underlying database.
Solution: The vendor has issued a fix...
___

Cisco ASR 5000 Series Packet Data Network Gateway DoS Vuln
- https://tools.cisco....sa-20160621-asr
2016 June 21 v1.0 - "Summary: A vulnerability in the implementation of General Packet Radio Switching Tunneling Protocol Version 1 (GTPv1) in Cisco ASR 5000 Series Packet Data Network Gateways could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to an unexpected restart of the Session Manager process for the device. The vulnerability is due to improper input validation of GTPv1 packet headers. An attacker could exploit this vulnerability by sending a crafted GTPv1 packet to a targeted device. A successful exploit could allow the attacker to cause the Session Manager process for the device to restart unexpectedly, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco ASR 5000 Series Packet Data Network Gateways running a software release prior to Release 19.4...
- http://www.securityt....com/id/1036152
CVE Reference: CVE-2016-1436
Jun 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  ...
Version(s): Cisco ASR 5000 Series Packet Data Network Gateway; prior to Release 19.4 ...
The vendor has assigned bug ID CSCuz46198 to this vulnerability.
Impact: A remote user can cause the target Session Manager service to restart.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Web Security Appliance Native FTP DoS Vuln
- https://tools.cisco....sa-20160627-wsa
2016 June 27 v1.0 - "Summary: A vulnerability in the native pass-through FTP functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to high CPU utilization. The vulnerability is due to how the FTP client terminates the FTP control connection when the data transfer is complete. An attacker could exploit this vulnerability by initiating FTP connections through the WSA. An exploit could allow the attacker to cause high CPU utilization of the Cisco WSA proxy process, causing a partial DoS condition. Successful exploitation depends on the FTP client the attacker uses and how that FTP client closes the FTP control connection. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: All Cisco WSA releases prior to the first fixed release are vulnerable...
- http://www.securityt....com/id/1036188
CVE Reference: CVE-2016-1440
Jun 28 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  ...
The vendor has assigned bug ID CSCuy43468 to this vulnerability.
Impact: A remote user can consume excessive CPU resources on the target system.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vuln
- https://tools.cisco....29-piauthbypass
2016 June 30 v1.1 Critical - "Summary: A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources. The vulnerability is due to improper input validation of HTTP requests for unauthenticated URIs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected URIs. Successful exploitation of this vulnerability could allow the attacker to upload malicious code to the application server or read unauthorized management data, such as credentials of devices managed by Cisco Prime Infrastructure or EPNM. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco Prime Infrastructure software versions 1.2 through version 3.0 are vulnerable... (more)...
- http://www.securityt....com/id/1036195
CVE Reference: CVE-2016-1289
Jun 29 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.2 - 3.0 ...
The vendor has assigned bug IDs CSCuv56851, CSCuy10231, CSCuz01475, and CSCuz01505 to this vulnerability...
Impact: A remote user can bypass authentication on the target system.
Solution: The vendor has issued a fix (2.2.3 Update 4, 3.1)...
___

Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vuln
- https://tools.cisco....-cpcpauthbypass
2016 June 29 v1.0 Critical - "Summary: A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full -administrator- privileges. The vulnerability is due to an improper implementation of LDAP authentication. An attacker could exploit this vulnerability by logging into a targeted device that is configured for LDAP authentication. Successful exploitation of this vulnerability could grant the attacker full -administrator- privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco Prime Collaboration Provisioning software version 10.6 with Service Pack 2 (SP2) installed is the only vulnerable version... (more)...
Cisco Bug IDs: CSCuv37513
- http://www.securityt....com/id/1036212
CVE Reference: CVE-2016-1416
Jul 1 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Provisioning 10.6 SP2 only ...
Description: A vulnerability was reported in Cisco Prime Collaboration Provisioning. A remote user can bypass authentication.
A remote user can exploit a flaw in the LDAP authentication component to bypass authentication and gain full administrator privileges.
The vendor has assigned bug ID CSCuv37513 to this vulnerability.
Impact: A remote user can bypass authentication and gain administrative access on the target system.
Solution: The vendor has issued a fix...
___

Cisco Firepower System Software Static Credential Vuln
- https://tools.cisco....-sa-20160629-fp
2016 June 29 v1.0 High - "Summary: A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the device with a default account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This account is created during installation. An attacker could exploit this vulnerability by connecting either locally or remotely to the affected system. A successful exploit could allow the attacker to log in to the device using the default account. The default account allows the execution of a subset of command-line interface (CLI) commands that would allow the attacker to partially compromise the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Firepower System Software release 6.0 or later running on any of the following Cisco products:
    Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
    Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances
    Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances
    FirePOWER 7000 Series Appliances
    FirePOWER 8000 Series Appliances
    FirePOWER Threat Defense for Integrated Services Routers (ISRs)
    Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware
This vulnerability affects systems initially installed with software release 6.0 or later. Systems upgraded from software release 5.0 to software release 6.0 are not affected by this vulnerability...
Cisco Bug IDs: CSCuz56238
___

> https://www.us-cert....ecurity-Updates
June 30, 2016
 

Edited by AplusWebMaster, 01 July 2016 - 03:27 AM.