332 replies to this topic

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vuln
- https://tools.cisco....a-20160831-sps3
2016 Aug 31 v1.0 Critical - "Summary: A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Small Business 220 Series Smart Plus (Sx220) Switches that are running firmware release 1.0.0.17, 1.0.0.18, or 1.0.0.19 and have the SNMP feature enabled. The SNMP feature is disabled by default on Sx220 Switches...
CVE-2016-1473
Cisco Bug IDs: CSCuz76216
___

Cisco WebEx Meetings Player Arbitrary Code Execution Vuln
- https://tools.cisco....meetings-player
2016 Aug 31 v1.0 Critical - "Summary: A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: This vulnerability affects Cisco WebEx Meetings Player version T29.10 for WRF files...
CVE-2016-1464
Cisco Bug IDs: CSCva09375
___

Cisco Small Business SPA3x/5x Series DoS Vuln
- https://tools.cisco....sa-20160831-spa
2016 Aug 31 v1.0 High - "Summary: A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: This vulnerability affects the following Cisco Small Business IP Phones running software release 7.5.7(6) or earlier:
    SPA300 Series IP Phones
    SPA500 Series IP Phones
    SPA51x IP Phones ...
CVE-2016-1469
Cisco Bug IDs: CSCut67385
 

More: https://tools.cisco....cationListing.x

 

- http://www.securityt....com/id/1036711
- http://www.securityt....com/id/1036712
- http://www.securityt....com/id/1036713
- http://www.securityt....com/id/1036717
- http://www.securityt....com/id/1036718
- http://www.securityt....com/id/1036719
- http://www.securityt....com/id/1036720
- http://www.securityt....com/id/1036721
- http://www.securityt....com/id/1036722
- http://www.securityt....com/id/1036723
- http://www.securityt....com/id/1036724
___

- https://www.us-cert....ecurity-Updates
Aug 31, 2016
 

Edited by AplusWebMaster, 01 September 2016 - 06:35 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Wireless LAN Controller TSM SNMP DoS Vuln
- https://tools.cisco....-20160831-wlc-1
2 Sep 2016 v1.1 - "Summary: A vulnerability in the traffic stream metrics (TSM) implemented with the Inter-Access Point Protocol (IAPP) of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the process on the WLC unexpectedly restarts. The DoS condition could occur when a subsequent Simple Network Management Protocol (SNMP) request is received for TSM information. The device reloads when an SNMP request for TSM information is received. An attacker could exploit this vulnerability by sending crafted IAPP packets followed by an SNMP request for TSM information to the targeted device. An exploit could allow the attacker to cause a DoS condition when the WLC unexpectedly restarts. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: All versions of Cisco Wireless LAN Controller prior to the first fixed versions of 8.0.140, 8.2.121.0, and 8.3.102.0 are vulnerable..."
CVE-2016-6375
Cisco Bug IDs: CSCuz40221
___

Cisco IOS Software Point-to-Point Tunneling Protocol Svr Information Disclosure Vuln
- https://tools.cisco....sa-20160902-ios
2 Sep 2016 v1.1 - "Summary: A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) server functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to access data from a packet buffer that was previously used. The vulnerability is due to the use of a previously used packet buffer whose content was not cleared from memory. An attacker could exploit this vulnerability by sending a PPTP connection request to device that is running a vulnerable release of the affected software and is configured for PPTP server functionality. A successful exploit could allow the attacker to access up to 63 bytes of memory that were previously used for a packet and were either destined to the device or generated by the device. An exploit would not allow the attacker to access packet data from transit traffic. In addition, an exploit would not allow the attacker to access arbitrary memory locations that the attacker chooses. Cisco has -not- released software updates that address this vulnerability. There -is- a workaround that addresses this vulnerability...
Vulnerable Products: For information about software releases that are affected by or fix this vulnerability, refer to Cisco bug CSCvb16274:

- https://bst.cloudapp.../bug/CSCvb16274
CVE-2016-6398
___

Many Cisco ASA boxes open to attack ...
- https://www.helpnets...pen-extrabacon/
Sep 6, 2016

> https://www.us-cert....lerts/TA16-250A
Sep 06, 2016
 

Edited by AplusWebMaster, 07 September 2016 - 05:37 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Wireless LAN Controller TSM SNMP DoS Vuln
- https://tools.cisco....-20160831-wlc-1
6 Sep 2016 v1.2 - "Summary: A vulnerability in the traffic stream metrics (TSM) implemented with the Inter-Access Point Protocol (IAPP) of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the process on the WLC unexpectedly restarts. The DoS condition could occur when a subsequent Simple Network Management Protocol (SNMP) request is received for TSM information. The device reloads when an SNMP request for TSM information is received. An attacker could exploit this vulnerability by sending crafted IAPP packets followed by an SNMP request for TSM information to the targeted device. An exploit could allow the attacker to cause a DoS condition when the WLC unexpectedly restarts. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects all 6.x through 8.x releases of Cisco Wireless LAN Controller prior to the first fixed release for those releases. The first fixed releases for those releases are 8.0.140, 8.2.121.0, and 8.3.102.0...
CVE-2016-6375
Cisco Bug IDs: CSCuz40221
___

Cisco Wireless LAN Controller wIPS DoS Vuln
- https://tools.cisco....-20160831-wlc-2
6 Sep 2016 v1.1 - "Summary: A vulnerability in the Cisco Adaptive Wireless Intrusion Prevention System (wIPS) implementation in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the wIPS process on the WLC unexpectedly restarts. The vulnerability is due to lack of proper input validation of wIPS protocol packets. An attacker could exploit this vulnerability by sending a malformed wIPS packet to the affected device. An exploit could allow the attacker to cause a DoS condition when the wIPS process on the WLC unexpectedly restarts. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects all 6.x through 8.x releases of Cisco Wireless LAN Controller prior to the first fixed release for those releases. The first fixed releases for those releases are 8.0.140, 8.2.121.0, and 8.3.102.0...
CVE-2016-6376
Cisco Bug IDs: CSCuz40263
___

> https://www.us-cert....lerts/TA16-250A
Sep 06, 2016
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vuln
- https://tools.cisco....a-20160907-fsss
7 Sep 2016 v1.0 - "Summary: A vulnerability in the web-based management interface of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
This vulnerability affects the following Cisco products:
    Cisco Firepower Management Center, all releases prior to Release 6.1
    Cisco FireSIGHT System Software, all releases prior to Release 6.1
CVE-2016-6395
Cisco Bug IDs: CSCuz58658

- http://www.securityt....com/id/1036755
CVE Reference: CVE-2016-6395
Sep 9 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.1
The vendor has assigned bug ID CSCuz58658 to this vulnerability.
Impact: A remote authenticated user can access the target user's cookies (including authentication cookies), if any, associated with the Cisco FireSIGHT interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (6.1)...
___

Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vuln
- https://tools.cisco....-20160907-fsss1
7 Sep 2016 v1.0 - "Summary: A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by crafting specific file content on a server or persuading a user to click a specific link. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following Cisco products if the product is configured to use a file policy that has the Block Malware with all options including Reset action:
    Firepower Management Center, all releases prior to Release 6.1
    FireSIGHT System Software, all releases prior to Release 6.1
CVE-2016-6396
Cisco Bug IDs: CSCuz44482

- http://www.securityt....com/id/1036756
CVE Reference: CVE-2016-6396
Sep 9 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.1
The vendor has assigned bug ID CSCuz44482 to this vulnerability.
Impact: A remote user can bypass malware detection on the target system.
Solution: The vendor has issued a fix (6.1)...
 

Edited by AplusWebMaster, 09 September 2016 - 05:34 AM.

[AplusWebMaster]

FYI...

- http://tools.cisco.c...licationListing

Cisco WebEx Meetings Server Remote Command Execution Vuln
- https://tools.cisco....sa-20160914-wem
14 Sep 2016 v1.0 Critical - "Summary: A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to bypass security restrictions on a host located in a DMZ and inject arbitrary commands on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied data processed by the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands into existing application scripts running on a targeted device located in a DMZ. Successful exploitation could allow an attacker to execute arbitrary commands on the device with elevated privileges. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: Cisco WebEx Meetings Server version 2.6 is vulnerable...
- http://www.securityt....com/id/1036809
CVE Reference: CVE-2016-1482
Sep 14 2016
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.6
The vendor has assigned bug ID CSCuy83130 to this vulnerability.
Impact: A remote user can execute arbitrary commands on the target system.
Solution: The vendor has issued a fix (2.7)...
___

Cisco WebEx Meetings Server DoS Vuln
- https://tools.cisco....sa-20160914-wms
14 Sep 2016 v1.0 High - "Summary: A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper validation of user accounts by specific services. An unauthenticated, remote attacker could exploit this vulnerability by repeatedly attempting to access a specific service, causing the system to perform computationally intensive tasks and resulting in a DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: Cisco WebEx Meetings Server version 2.6 is vulnerable...
- http://www.securityt....com/id/1036808
CVE Reference: CVE-2016-1483
Sep 14 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.6
The vendor has assigned bug ID CSCuy92704 to this vulnerability.
Impact: A remote user can consume excessive CPU resources on the target system.
Solution: The vendor has issued a fix (2.7)...
___

Cisco IOS and IOS XE Software IOx Local Manager Cross-Site Scripting Vuln
- https://tools.cisco....sa-20160914-ios
14 Sep 2016 v1.0 - "Summary: A vulnerability in the web framework code of the Cisco Local Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information... Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco provides information about fixed software in Cisco bugs, which are accessible through the Cisco Bug Search Tool: https://bst.cloudapp....com/bugsearch/
- http://www.securityt....com/id/1036834
CVE Reference: CVE-2016-6404
Sep 15 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
The vendor has assigned bug ID CSCuy19854 to this vulnerability.
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Cisco Local Manager interface, access data recently submitted by the target user via web form to the interface, or take actions on the interface acting as the target user.
Solution: The vendor has issued a fix...
___

Cisco IOS and IOS XE Software Data in Motion DoS Vuln
- https://tools.cisco....20160914-ios-xe
14 Sep 2016 v1.0 - "Summary: A vulnerability in the Data in Motion (DMo) application in Cisco IOS and IOS XE software with the IOx feature set could allow an unauthenticated, remote attacker to to cause a denial of service (DoS) condition in the DMo process. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending a specially crafted packet to the targeted system. An exploit could allow the attacker to cause a DoS condition on the targeted system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco IOS and IOS XE Software with the IOx feature set is affected...
- http://www.securityt....com/id/1036833
CVE Reference: CVE-2016-6403
Sep 15 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug IDs CSCuy82904, CSCuy82909, and CSCuy82912 to this vulnerability.
Impact: A remote user can cause denial of service conditions on the target service.
Solution: The vendor has issued a fix...
___

Cisco IOS XR for NCS6000 Series Devices OSPF Packet Processing DoS Vuln
- https://tools.cisco....-20160914-iosxr
15 Sep 2016 v1.1 - "Summary: A vulnerability in the OSPFv3 processing of Cisco IOS XR for Cisco CRS platforms could allow an unauthenticated, remote attacker to cause a reload of the OSPFv3 process and result in a limited denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient logic in the processing of crafted OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the OSPFv3 process and cause a limited DoS condition on the affected device. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco 64-bit releases of IOS XR for Cisco NCS6000 series devices are affected by this vulnerability. Only 64-bit NCS6k platforms are affected. A device is vulnerable if it is configured to process OSPFv3. Exploiting a vulnerability against an affected device results in a crash of the OSPFv3 process, followed by a potential effect on data traffic relying on the exchanged routes...
- http://www.securityt....com/id/1036832
CVE Reference: CVE-2016-1433
Sep 15 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): NCS6000 Series; IOS XR ...
The vendor has assigned bug ID CSCuz66289 to this vulnerability.
Impact: A remote user can cause the target OSPFv3 service to reload.
Solution: The vendor has issued a fix...
___

>> https://www.us-cert....ecurity-Updates
Sep 15, 2016
 

Edited by AplusWebMaster, 16 September 2016 - 06:56 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Adaptive Security Appliance SNMP Remote Code Execution Vuln
- https://tools.cisco....160817-asa-snmp
19 Sep 2016 - v1.5 - High
Revision History:
v1.5 - Updated Affected Products to add an affected release of ASA software - 2016-Sep-19
v1.4 - Updated Summary text for additional clarification, updated Fixed Software section to reflect recently published software versions - 2016-Aug-25 ...
CVE-2016-6366
Cisco Bug IDs: CSCva92151
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Cloud Services Platform 2100 Command Injection Vuln
- https://tools.cisco....60921-csp2100-1
21 Sep 2016 v1.0 Critical - "Summary: A vulnerability in the web-based GUI of the Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands. An exploit could allow the attacker to execute arbitrary commands on the host operating system with the privileges of root. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco Cloud Services Platform 2100 version 2.0 is affected...
- http://www.securityt....com/id/1036865
CVE Reference: CVE-2016-6373
Sep 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2100; version 2.0
The vendor has assigned bug ID CSCva00541 to this vulnerability.
Impact: A remote authenticated user can execute arbitrary code on the target system with root privileges.
Solution: The vendor has issued a fix (2100; version 2.1.0)...
___

Cisco Cloud Services Platform 2100 Remote Command Execution Vuln
- https://tools.cisco....60921-csp2100-2
21 Sep 2016 v1.0 High - "Summary: A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco Cloud Services Platform 2100 version 2.0 is affected...
- http://www.securityt....com/id/1036864
CVE Reference: CVE-2016-6374
Sep 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2100; version 2.0
The vendor has assigned bug ID CSCuz89093 to this vulnerability.
Impact: A remote user can execute arbitrary commands on the target system.
Solution: The vendor has issued a fix (2100; version 2.1.0)...
___

Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vuln
- https://tools.cisco....sa-20160921-fmc
21 Sep 2016 v1.0 - "Summary: A vulnerability in SSL inspection for Cisco Firepower Management Center and Cisco FireSIGHT System software could allow an unauthenticated, remote attacker to bypass configured do-not-decrypt rules in the SSL policy rule set. The vulnerability is due to lack of verification of the user input parameters within the HTTP URL against the SSL certificate. An attacker could exploit this vulnerability by sending a crafted HTTP URL to the targeted system. An exploit could allow the attacker to bypass configured SSL inspection rules. The SSL inspection do-not-decrypt rule should force a connection to be permanently encrypted. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: This vulnerability affects Cisco Firepower Management Center and Cisco FireSIGHT System software...
- http://www.securityt....com/id/1036877
CVE Reference: CVE-2016-6411
Sep 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
The vendor has assigned bug ID CSCva50585 to this vulnerability.
Impact: A remote user can bypass the SSL inspection policy 'do-not-decrypt' rule.
Solution: The vendor has issued a fix...
___

Cisco IOS and IOS XE Software Data in Motion Component DoS Vuln
- https://tools.cisco....sa-20160921-dmo
21 Sep 2016 v1.0 - "Summary: A vulnerability in the Cisco Data in Motion (DMo) component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition for the DMo process on a targeted system. The vulnerability is due to insufficient bounds checks by the affected component. An attacker could exploit this vulnerability by sending crafted traffic to a targeted system for processing by the affected component. A successful exploit could allow the attacker to cause a partial DoS condition for the affected component on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco IOS and IOS XE Software with the IOx feature set...
- http://www.securityt....com/id/1036875
CVE Reference: CVE-2016-6409
Sep 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug ID CSCuy54015 to this vulnerability.
Impact: A remote user can cause denial of service conditions on the target DMo process.
Solution: The vendor has issued a fix...
___  

Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vuln
- https://tools.cisco....sa-20160921-caf
21 Sep 2016 v1.0 - "Summary: A vulnerability in the Cisco application-hosting framework (CAF) for Cisco IOS and IOS XE Software with the IOx feature set could allow an authenticated, remote attacker to read arbitrary files on a targeted system. The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework. A successful exploit could allow the attacker to read arbitrary files on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...

Vulnerable Products: This vulnerability affects Cisco IOS and IOS XE Software with the IOx feature set...
- http://www.securityt....com/id/1036873
CVE Reference: CVE-2016-6410
Sep 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
The vendor has assigned bug ID CSCuy19856 to this vulnerability.
Impact: A remote authenticated user can obtain files on the target system.
Solution: The vendor has issued a fix...
___

Cisco Application-Hosting Framework HTTP Header Injection Vuln
- https://tools.cisco....a-20160921-caf1
21 Sep 2016 v1.0 - "Summary: A vulnerability in the Cisco Application-hosting Framework (CAF) component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a CAF user to download a file controlled by the attacker. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted HTTP headers into the communication path between the user and CAF. An exploit could allow the attacker to force the user to download a file controlled by the attacker. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: Cisco IOS and IOS XE Software with the IOx feature set are affected by this vulnerability...
- http://www.securityt....com/id/1036874
CVE Reference: CVE-2016-6412
Sep 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug ID CSCuz84773 to this vulnerability.
Impact: A remote user can cause the target user to download an arbitrary file.
Solution: The vendor has issued a fix...
___

Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vuln
- https://tools.cisco....a-20160921-apic
21 Sep 2016 v1.0 - "Summary: A vulnerability in the installation procedure for Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to incorrect installation and permissions settings for binary files when installing the system software on a device. An attacker could exploit this vulnerability by logging in to the device and escalating their privileges. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco APIC software is vulnerable...
- http://www.securityt....com/id/1036872
CVE Reference: CVE-2016-6413
Sep 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug ID CSCva50496 to this vulnerability.
Impact: A local user can obtain root privileges on the target system.
Solution: The vendor has issued a fix...
___

Cisco Prime Home Web-Based User Interface XML External Entity Vuln
- https://tools.cisco....sa-20160921-cph
21 Sep 2016 v1.0 - "Summary: A vulnerability in the web-based user interface of Cisco Prime Home could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of an XML External Entity (XXE) when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted XML file to the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco Prime Home is vulnerable...
CVE-2016-6408
Cisco Bug IDs: CSCvb17814
___

- https://www.us-cert....ecurity-Updates
Sep 21, 2016
 

Edited by AplusWebMaster, 22 September 2016 - 06:54 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Email Security Appliance Internal Testing Interface Vuln
- https://tools.cisco....sa-20160922-esa
22 Sep 2016 v1.0 Critical - "Summary: A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges. Cisco has confirmed the vulnerability; however, software updates are not currently available. This advisory will be updated with fixed software information when available. A workaround that mitigates this vulnerability is available...
Vulnerable Products: Cisco ESA physical and virtual devices running any of the following software releases are affected by this vulnerability:
    9.1.2-023
    9.1.2-028
    9.1.2-036
    9.7.2-046
    9.7.2-047
    9.7-2-054
    10.0.0-124
    10.0.0-125 ...
- http://www.securityt....com/id/1036881
CVE Reference: CVE-2016-6406
Sep 22 2016
Vendor Confirmed:  Yes  
Version(s): 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7-2-054, 10.0.0-124, 10.0.0-125 ...
Description: A vulnerability was reported in Cisco Email Security Appliance. A remote user can gain access to the target system.
A remote user can access an internal testing and debugging interface to gain access to the target system with root privileges.
The interface is intended for use during product development only.
Systems that have been rebooted at most once since an affected version was installed are affected if the device's Enrollment Client component version is prior to version 1.0.2-065.
The vendor has assigned bug ID CSCvb26017 to this vulnerability.
Impact: A remote user can gain access to the target system with root privileges.
Solution: No fixed software was available at the time of this entry.
>> A system that has been rebooted two or more times after installation of an affected version is no longer affected.
On Friday, September 15th, 2016, the vendor issued an Enrollment Client update that disables the vulnerable interface...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Sep 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Pub
- https://tools.cisco....ertId=ERP-56513
2016 Sep 28 - "Summary: Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on September 28, 2016. In direct response to customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.
The September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes -10- Cisco Security Advisories that describe -11- vulnerabilities in Cisco IOS and IOS XE Software. Cisco has confirmed that none of the vulnerabilities exist in Cisco IOS XR Software or Cisco NX-OS Software.
 Seven of the advisories describe vulnerabilities that are common to both Cisco IOS and IOS XE Software. One advisory describes a vulnerability that exists only in Cisco IOS Software. Two other advisories describe vulnerabilities that exist only in Cisco IOS XE Software. All the vulnerabilities have a Security Impact Rating of “High.” Exploits of the individual vulnerabilities could result in a denial of service (DoS) condition or a memory leak.
... Details: ... table identifies Cisco Security content associated with this Cisco IOS and IOS XE Software Security Advisory Bundled Publication...
(Listed 'table' at the cisco URL above.)

- http://www.securityt....com/id/1036914
CVE Reference: CVE-2016-6378, CVE-2016-6379, CVE-2016-6380, CVE-2016-6381, CVE-2016-6382, CVE-2016-6384, CVE-2016-6385, CVE-2016-6386, CVE-2016-6391, CVE-2016-6392, CVE-2016-6393
Sep 28 2016
Impact: Denial of service via network, Disclosure of system information, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A remote user can cause the target system or service to reload.
A remote user view portions of process memory.
A remote user can corrupt information in the local DNS cache.
Solution: The vendor has issued a fix.
The vendor advisories are available at:
- https://tools.cisco....ertId=ERP-56513
- https://tools.cisco....a-20160928-ipdr
- https://tools.cisco....a-20160928-msdp
- https://tools.cisco....sa-20160928-smi
- https://tools.cisco....20160928-aaados
- https://tools.cisco....a-20160928-frag
- https://tools.cisco....a-20160928-h323
- https://tools.cisco....60928-ios-ikev1
- https://tools.cisco....sa-20160928-cip
- https://tools.cisco....sa-20160928-dns
- https://tools.cisco....0160928-esp-nat
Vendor URL: https://tools.cisco....ertId=ERP-56513
___

- https://www.us-cert....ecurity-Updates
Sep 28, 2016
 

Edited by AplusWebMaster, 05 October 2016 - 05:38 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vuln
- https://tools.cisco....-20161005-nxaaa
5 Oct 2016 v1.0 Critical - "Summary: A vulnerability in the SSH subsystem of the Cisco Nexus family of products could allow an authenticated, remote attacker to bypass authentication, authorization, and accounting (AAA) restrictions. The vulnerability is due to the improper processing of certain parameters that are passed to an affected device during the negotiation of an SSH connection. An attacker could exploit this vulnerability by authenticating to an affected device and passing a malicious value as part of the login procedure. A successful exploit could allow an attacker to bypass AAA restrictions and execute commands on the device command-line interface (CLI) that should be restricted to a different privileged user role. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following Cisco products are vulnerable if they are running Cisco NX-OS System Software that is configured for AAA authentication and is accessible via SSH for IPv4 or IPv6.
    Multilayer Director Switches
    Nexus 1000V Series Switches
    Nexus 2000 Series Fabric Extenders
    Nexus 3000 Series Switches
    Nexus 3500 Platform Switches
    Nexus 4000 Series Switches
    Nexus 5000 Series Switches
    Nexus 5500 Platform Switches
    Nexus 5600 Platform Switches
    Nexus 6000 Series Switches
    Nexus 7000 Series Switches
    Nexus 7700 Series Switches
    Nexus 9000 Series Switches in NX-OS mode ...
- http://www.securityt....com/id/1036947
CVE Reference: CVE-2015-0721
Oct 5 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug IDs CSCum35502, CSCum47367 , CSCuw78669, CSCuw79754, and CSCux88492 to this vulnerability.
Impact: A remote authenticated user can bypass security controls on the target system.
Solution: The vendor has issued a fix.
A patch matrix is available in the vendor advisory...
___

Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vuln
- https://tools.cisco....sa-20161005-otv
5 Oct 2016 v1.0 Critical - "Summary: A vulnerability in the Overlay Transport Virtualization (OTV) generic routing encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to incomplete input validation performed on the size of OTV packet header parameters, which can result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted OTV UDP packet to the OTV interface on an affected device. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the OTV related process on the affected device. Cisco has released software updates that address this vulnerability. A workaround to mitigate this vulnerability is available...
Vulnerable Products: The following Cisco products are affected by this vulnerability when configured to use the OTV functionality:
    Nexus 7000 Series Switches
    Nexus 7700 Series Switches
This vulnerability affects Cisco Nexus 7000 and 7700 Series Switches with the OTV feature enabled. The OTV feature was introduced with Cisco NX-OS Software Release 5.0(3) or later for the Nexus 7000 Series, and Cisco NX-OS Software Release 6.2(2) or later for the Nexus 7700 Series...
- http://www.securityt....com/id/1036946
CVE Reference: CVE-2016-1453
Oct 5 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug ID CSCuy95701 to this vulnerability.
Impact: A remote user can execute arbitrary code on the target system or cause the target process to reload.
Solution: The vendor has issued a fix (7.2(2)D1(1), 7.3(1)D1(1))...
___

Cisco NX-OS Border Gateway Protocol DoS Vuln
- https://tools.cisco....sa-20161005-bgp
5 Oct 2016 v1.0 High - "Summary: A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly. The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer, or inject malformed messages into the victim's BGP network. This would require obtaining information about the BGP peers in the affected system's trusted network. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. If all BGP peers to the NX-OS Software are Cisco IOS, IOS-XE, or IOS-XR devices and those devices are not configured for Cisco Multicast VPN (MVPN) interautonomous system support, this vulnerability cannot be remotely exploited. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
- http://www.securityt....com/id/1036950
CVE Reference: CVE-2016-1454
Oct 5 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug IDs CSCuq77105 and CSCux11417 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix.
A patch matrix is available in the vendor advisory...   
___

Cisco NX-OS Software Crafted DHCPv4 Packet DoS Vuln
- https://tools.cisco....-20161005-dhcp1
5 Oct 2016 v1.0 High - "Summary: A vulnerability in the implementation of the DHCPv4 relay agent and smart relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of crafted DHCPv4 offer packets. An attacker could exploit this vulnerability by sending crafted DHCPv4 offer packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash. This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by crafted DHCP packets processed by a DHCP relay agent or smart relay agent listening on the device using the IPv4 broadcast address or the IPv4 unicast address of any interface configured on a device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following Cisco products are vulnerable if they are running Cisco NX-OS System Software that is configured for DHCP:
    Nexus 2000 Series Fabric Extenders
    Nexus 5000 Series Switches
    Nexus 5500 Platform Switches
    Nexus 5600 Platform Switches
    Nexus 6000 Series Switches
    Nexus 7000 Series Switches
    Nexus 7700 Series Switches
    Nexus 9000 Series Switches in Application Centric Infrastructure (ACI) mode
    Nexus 9000 Series Switches in NX-OS mode
The vulnerability affects only devices configured with DHCPv4 relay agent or smart relay agent functionality...
- http://www.securityt....com/id/1036948
CVE Reference: CVE-2015-6392
Oct 5 2016
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171 to this vulnerability.
Impact: A remote user can cause the target service or device to crash.
Solution: The vendor has issued a fix.
A patch matrix is available in the vendor advisory...   
___

isco NX-OS Software Malformed DHCPv4 Packet DoS Vuln
- https://tools.cisco....-20161005-dhcp2
5 Oct 2016 v1.0 High - "Summary: A vulnerability in the implementation of the DHCPv4 relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of malformed DHCPv4 packets. An attacker could exploit this vulnerability by sending malformed DHCPv4 packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash. This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by malformed DHCP packets processed by a DHCP relay agent listening on the device, using the IPv4 broadcast address or IPv4 unicast address of any interface configured on a device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following Cisco products are vulnerable if they are running Cisco NX-OS System Software that is configured for DHCP:
    Nexus 2000 Series Fabric Extenders
    Nexus 3000 Series Switches
    Nexus 3500 Platform Switches
    Nexus 5000 Series Switches
    Nexus 5500 Platform Switches
    Nexus 5600 Platform Switches
    Nexus 6000 Series Switches
    Nexus 7000 Series Switches
    Nexus 7700 Series Switches
    Nexus 9000 Series Switches in Application Centric Infrastructure (ACI) mode
    Nexus 9000 Series Switches in NX-OS mode
This vulnerability affects only devices configured with the DHCPv4 process enabled and configured as a DHCPv4 relay agent...
- http://www.securityt....com/id/1036949
CVE Reference: CVE-2015-6393
Oct 5 2016
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug IDs CSCuq39250, CSCuq39250 , CSCus21733, CSCus21739, CSCus21739 , CSCut76171, CSCut76171 , and CSCux67182 to this vulnerability.
Impact: A remote user can cause the target service or device to crash.
Solution: The vendor has issued a fix.
A patch matrix is available in the vendor advisory...
___

- https://www.us-cert....ecurity-Updates
Oct 5, 2016
 

Edited by AplusWebMaster, 06 October 2016 - 05:37 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Meeting Server Client Authentication Bypass Vuln
- https://tools.cisco....sa-20161012-msc
12 Oct 2016 v1.0 Critical - "Summary: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability in some environments are available...
Vulnerable Products: Versions of the Cisco Meeting Server prior to 2.0.6 with XMPP enabled are affected by this vulnerability. Versions of the Acano Server prior to 1.8.18 and prior to 1.9.6 with XMPP enabled are also affected by this vulnerability...
Cisco Bug IDs: CSCvb62741
CVE-2016-6445
- http://www.securityt....com/id/1037000
___

Cisco Wide Area Application Services Central Manager DoS Vuln
- https://tools.cisco....a-20161012-waas
12 Oct 2016 v1.0 - "Summary: A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. The vulnerability is due to a lack of file size limitations for SSL system files stored on the disk. An attacker could exploit this vulnerability by sending a continuous stream of SSL traffic to the targeted device. An exploit could allow the attacker to cause a DoS condition due to the adverse impact on device performance. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability...
Vulnerable Products: Cisco Wide Area Application Services (WAAS) is affected. Cisco provides information about affected releases in Cisco bugs, which are accessible through the Cisco Bug Search Tool.
This vulnerability applies to:
    SSL (TCP port 443) management traffic of the WAAS Central Manager (CM)
    The WAAS accelerators receiving SSL connection requests ..."
Cisco Bug IDs: CSCva03095
CVE-2016-6437
- http://www.securityt....com/id/1037002
___

Cisco Unified Communications Manager iFrame Data Clickjacking Vuln
- https://tools.cisco....sa-20161012-ucm
12 Oct 2016 v1.0 - "Summary: The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. Protection mechanisms should be used to prevent this type of attack. The vulnerability is due to a lack of proper input sanitization of iframe data within the HTTP requests sent to the device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iframe data. An exploit could allow the attacker to perform a clickjacking or phishing attack where the user is tricked into clicking on a malicious link. Protection mechanisms should be used to prevent this type of attack. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco Unified Communications Manager (CUCM) is affected...
Cisco Bug IDs: CSCuz64683, CSCuz64698
CVE-2016-6440
- http://www.securityt....com/id/1037005
___

Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vuln
- https://tools.cisco....-20161012-prime
12 Oct 2016 v1.0 - "Summary: A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Repeated exploitation could result in a sustained denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...  
Vulnerable Products: The following products are affected:
    Cisco Prime Infrastructure
    Cisco Evolved Programmable Network Manager..."
Cisco Bug IDs: CSCva27038, CSCva28335
CVE-2016-6443
- http://www.securityt....com/id/1037006
___

Cisco cBR-8 Converged Broadband Router vty Integrity Vuln
- https://tools.cisco....-20161012-cbr-8
12 Oct 2016 v1.0 - "Summary: A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. The vulnerability is due to a logic processing error that exists if an affected device is configured with the Downstream Resiliency and Downstream Resiliency Bonding Group features. An attacker could exploit this vulnerability by continuously trying to establish Telnet or SSH connections to a targeted device. A successful exploit could allow the attacker to trigger an integrity issue with the vty line configuration. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers:
    All 3.16S releases
    All 3.17S releases
    Release 3.18.0S
    Release 3.18.1S
    Release 3.18.0SP ..."
Cisco Bug IDs: CSCuz62815
CVE-2016-6438
- http://www.securityt....com/id/1037003
 

Edited by AplusWebMaster, 14 October 2016 - 06:37 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco ASA Software Identity Firewall Feature Buffer Overflow Vuln
- https://tools.cisco....161019-asa-idfw
19 Oct 2016 v1.1 Critical - "Summary: A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic.
Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability...
Vulnerable Products: This vulnerability affects Cisco ASA Software configured with the Identity Firewall feature and with NetBIOS probing enabled. To verify whether NetBIOS probing is enabled, use the show running-config user-identity | include logout-probe command and verify that the command returns output..."
- http://www.securityt....com/id/1037059
CVE Reference: CVE-2016-6432
Oct 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The following models are affected:
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
Catalyst 6500 Series/7600 Series ASA Services Module
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
ASA for Firepower 9300 Series
ASA for Firepower 4100 Series
ISA 3000 Industrial Security Appliance
The vendor has assigned bug ID CSCvb19843 to this vulnerability...
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix...
___

Cisco ASA Software Local Certificate Authority DoS Vuln
- https://tools.cisco....20161019-asa-ca
19 Oct 2016 v1.1 High - "Summary: A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system.
Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability:
    Cisco ASA 5500 Series Adaptive Security Appliances
    Cisco ASA 5500-X Series Next-Generation Firewalls
    Cisco Adaptive Security Virtual Appliance (ASAv)
    Cisco ASA for Firepower 9300 Series
    Cisco ASA for Firepower 4100 Series
    Cisco ISA 3000 Industrial Security Appliance
Refer to the "Fixed Software" section of this security advisory for more information about the affected releases...
Vulnerable Products: Cisco ASA Software is affected by this vulnerability if the local CA feature is configured. To verify whether the local CA is configured, use the show crypto ca server command and verify that the output shows the local CA state enabled...
- http://www.securityt....com/id/1037060
CVE Reference: CVE-2016-6431
Oct 19 2016
Impact:  Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.0, 8.1, 8.2, 8.3, 8.4, 8.6, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.6 ...
The vendor has assigned bug ID CSCuz47295 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix (9.0(4.42), 9.1(7.7), 9.2(4.13), 9.3(3.11), 9.4(3.6), 9.5(3), 9.6(1.5))...
___

Cisco Firepower Detection Engine HTTP DoS Vuln
- https://tools.cisco....0161019-fpsnort
19 Oct 2016 v1.0 High - "Summary: A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an HTTP packet stream. An attacker could exploit this vulnerability by sending a crafted HTTP packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following Cisco products are affected when they are running software versions 5.4.1.5, 6.0, or 6.0.0.1
    Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
    Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances
    Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances
    Firepower 4100 Series Security Appliances
    FirePOWER 7000 Series Appliances
    FirePOWER 8000 Series Appliances
    Firepower 9300 Series Security Appliances
    FirePOWER Threat Defense for Integrated Services Routers (ISRs)
    Sourcefire 3D System Appliances
    Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware
This vulnerability also affects the open source Snort project. For more information, see the Snort website:
- https://www.snort.org/
Details: This vulnerability can result in the Snort process restarting. While the Snort process is restarting, Snort detection could be bypassed or all network traffic inspection could fail. The behavior is platform and configuration dependent.
FirePOWER Platforms:
        Passive and bypass interfaces will bypass Snort inspection and pass the traffic.
        Routed, switched, and non-bypass interfaces will drop the traffic.
        FirePOWER Threat Defense (FTD) will drop the traffic.
Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
        If the ASA release supports the command-line interface (CLI) command sfr fail-open and it is configured, traffic will bypass Snort and not be dropped.
Workarounds: There are no workarounds that address this vulnerability...
- http://www.securityt....com/id/1037061
CVE Reference: CVE-2016-6439
Oct 19 2016
Impact: Denial of service via network, Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5500-X Series with FirePOWER Services; 5.4.1.5, 6.0, 6.0.0.1 ...
The vendor has assigned bug ID CSCux61630 to this vulnerability.
Impact: A remote user can cause the target Snort service to restart, bypassing Snort detection while the service restarts.
Solution: The vendor has issued a fix...
___

Cisco Meeting Server Cross-Site Request Forgery Vuln
- https://tools.cisco....sa-20161019-cms
19 Oct 2016 v1.0 - "Summary: A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow an attacker to submit arbitrary requests to the affected device via the Web Bridge with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco Meeting Server is vulnerable...
Fixed Software: Cisco Meeting Server version 2.0.4 software is available for download at Cisco's Software Download Center:
- https://software.cis...mdfid=286309710
Acano Meeting Server version 1.9.5 software is available for download on Acano's website:
- https://www.acano.co...port/downloads/
Cisco provides information about fixed software in Cisco bugs, which are accessible through the Cisco Bug Search Tool: https://bst.cloudapp....com/bugsearch/
CVE-2016-6444
Cisco Bug IDs: CSCvb03308
___

Cisco Meeting Server Information Disclosure Vuln
- https://tools.cisco....a-20161019-cms1
19 Oct 2016 v1.0 - "Summary: A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. The vulnerability is due to missing bounds checks in the Web Bridge functionality. An attacker could exploit this vulnerability by sending a crafted packet to the affected server. An exploit could allow the attacker to disclose a portion of memory from the server for every packet. The disclosed portions of memory could contain sensitive information such as private keys or passwords. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco Meeting Server is affected...
Fixed Software: Cisco Meeting Server version 2.0.4 software is available for download at Cisco's Software Download Center:
- https://software.cis...mdfid=286309710
Acano Meeting Server version 1.9.5 software is available for download on Acano's website:
- https://www.acano.co...port/downloads/
Cisco provides information about fixed software in Cisco bugs, which are accessible through the Cisco Bug Search Tool: https://bst.cloudapp....com/bugsearch/
CVE-2016-6446
Cisco Bug IDs: CSCvb03308
___

- https://www.us-cert....ecurity-Updates
Oct 19, 2016
 

Edited by AplusWebMaster, 20 October 2016 - 06:04 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco WebEx Meetings Player Arbitrary Code Execution Vuln
- https://tools.cisco....meetings-player
22 Oct 2016 v1.1 Critical - "Summary: A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: This vulnerability affects Cisco WebEx Meetings Player. For information about fixed releases, refer to the "Fixed Software" section of this advisory...
Cisco Bug IDs: CSCva09375
CVE-2016-1464

Revision History:
Version 1.2: Changed "malicious file" to "malicious WRF file"... 2016-Oct-25
____

- https://www.us-cert....Security-Update
Oct 24, 2016
 

Edited by AplusWebMaster, 25 October 2016 - 01:17 PM.

[AplusWebMaster]

FYI...

>> https://tools.cisco....Vulnerabilities

Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vuln
- https://tools.cisco....-20161026-ipics
26 Oct 2016 v1.0 Critical ...

Cisco Email Security Appliance Malformed DGN File Attachment DoS Vuln
- https://tools.cisco....a-20161026-esa1
26 Oct 2016 v1.0 High ...
- http://www.securityt....com/id/1037123

Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning DoS Vuln
- https://tools.cisco....a-20161026-esa2
26 Oct 2016 v1.0 High ...
- http://www.securityt....com/id/1037124

Cisco Email Security Appliance Corrupted Attachment Fields DoS Vuln
- https://tools.cisco....a-20161026-esa3
26 Oct 2016 v1.0 High ...
- http://www.securityt....com/id/1037122

Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine DoS Vuln
- https://tools.cisco....sa-20160908-ace
26 Oct 2016 v1.2 High ...

Total of -10- listed here: https://tools.cisco....Vulnerabilities

... and -9- more here: https://tools.cisco....Vulnerabilities

>> https://www.us-cert....ltiple-Products
Oct 26, 2016
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vuln
- https://tools.cisco....sa-20161102-tl1
2 Nov 2016 v1.0 Critical - "Summary: A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. The vulnerability exists because the affected software performs incomplete bounds checks on input data. An attacker could exploit this vulnerability by sending a malicious request to the TL1 port, which could cause the device to reload. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software:
    3.17.0S
    3.17.1S
    3.17.2S
    3.18.0S
    3.18.1S ...
Cisco Bug IDs: CSCuy15175
CVE-2016-6441
___

Cisco Prime Home Authentication Bypass Vuln
- https://tools.cisco....sa-20161102-cph
2 Nov 2016 v1.0 Critical - "Summary: A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a particular URL. An exploit could allow the attacker to obtain a valid session identifier for an arbitrary user, which would allow the attacker to perform any actions in Cisco Prime Home for which that user is authorized—including users with administrator privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are -not- vulnerable. Administrators can verify whether they are running an affected version by opening the Prime Home URL in their browser and checking the Version: line in the login window. If currently logged in, the version information can be viewed in the bottom left of the Prime Home GUI footer, next to the Cisco Prime Home text...
Cisco Bug IDs: CSCvb71732
CVE-2016-6452
___

Cisco Meeting Server and Meeting App Buffer Underflow Vuln
- https://tools.cisco....sa-20161102-cms
2 Nov 2016 v1.0 High - "Summary: A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv6 input to the vulnerable function. A successful exploit could result in an exploitable buffer underflow condition. An attacker could leverage this buffer underflow condition to incorrectly allocate memory and cause a reload of the device or execute arbitrary code with the privileges of the affected application. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: This vulnerability affects the following products:
    Cisco Meeting Server releases prior to 2.0.1
    Acano Server releases prior to 1.8.16 and prior to 1.9.3
    Cisco Meeting App releases prior to 1.9.8
    Acano Meeting Apps releases prior to 1.8.35 ...
Cisco Bug IDs: CSCva75942, CSCvb67878
CVE-2016-6447
___

Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vuln
- https://tools.cisco....a-20161102-cms1
2 Nov 2016 v1.0 High - "Summary: A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software performs incomplete input validation of the size of media lines in session descriptions. An attacker could exploit this vulnerability by sending crafted packets to the SDP parser on an affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on an affected system, which could allow the attacker to execute arbitrary code on the system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following products:
    Cisco Meeting Server releases prior to Release 2.0.3
    Acano Server releases 1.9.x prior to Release 1.9.5
    Acano Server releases 1.8.x prior to Release 1.8.17
For more information about this vulnerability in Acano Server releases 1.8.x and 1.9.x, see the following resources on the Acano website:
Acano Server & VM Release 1.8.17 Release Notes
> ftp://ftp.acano.com/software/server/1.8/1.8.17/Release%20Notes%20R1.8.17.pdf
and Acano Server & VM Release 1.9.5 Release Notes
> https://www.acano.co...otes-R1.9.5.pdf
Cisco Bug IDs: CSCva76004
CVE-2016-6448
___

- https://www.us-cert....ltiple-Products
Nov 02, 2016
___

- http://www.securityt....com/id/1037179
- http://www.securityt....com/id/1037180
- http://www.securityt....com/id/1037181
- http://www.securityt....com/id/1037182
Nov 2 2016
- http://www.securityt....com/id/1037185
- http://www.securityt....com/id/1037186
- http://www.securityt....com/id/1037187
Nov 3 2016
 

Edited by AplusWebMaster, 07 November 2016 - 08:55 AM.