332 replies to this topic

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Email Security Appliance MIME Header Processing Filter Bypass Vuln
- https://tools.cisco....a-20161116-esa1
16 Nov 2016 v1.0 - "Summary: A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. The vulnerability is due to improper error handling when malformed Multipurpose Internet Mail Extensions (MIME) headers are present in an email attachment that is sent through an affected device. An attacker could exploit this vulnerability by sending an email message that has a crafted, MIME-encoded file attachment through an affected device. A successful exploit could allow the attacker to bypass AMP filter configurations for the device. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments...
- http://www.securityt....com/id/1037307
CVE Reference: CVE-2016-6462
Nov 17 2016
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug IDs CSCva13456 [CVE-2016-6462] and CSCuz85823 [CVE-2016-6463] to these vulnerabilities.
Impact: A remote user can bypass the configured AMP filters on the target system.
Solution: The vendor has issued a fix (9.7.2-131, 10.0.0-203)...
___

Cisco ASA Input Validation File Injection Vuln
- https://tools.cisco....sa-20161116-asa
16 Nov 2016 v1.0 - "Summary: A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting XML input into the affected fields of the web interface. An exploit could allow the attacker to impact the integrity of the device data. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco Adaptive Security Appliance is affected...
- http://www.securityt....com/id/1037306
CVE Reference: CVE-2016-6461
Nov 17 2016
Vendor Confirmed:  Yes  
Version(s): 5500-X; 9.1(6.10) ...
The vendor has assigned bug ID CSCva38556 to this vulnerability...
Impact: A remote user can execute arbitrary XML commands on the target system.
Solution: The vendor has issued a fix (96.2(0.95), 97.1(6.30), 97.1(12.7), 97.1(0.55), 100.8(40.129), 100.15(0.137), 100.11(0.75))...
___

Cisco ASR 5000 Series ipsecmgr Service DoS Vuln
- https://tools.cisco....sa-20161116-asr
16 Nov 2016 v1.0 - "Summary: A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of Internet Key Exchange (IKE) messages. An attacker could exploit this vulnerability by sending crafted IKE messages toward the router. An exploit could allow the attacker to cause a reload of the ipsecmgr service. A reload of the ipsecmgr service might result in all IPsec VPN tunnels being terminated and new tunnels being unable to establish until the service has restarted, resulting in a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
- http://www.securityt....com/id/1037308
CVE Reference: CVE-2016-6466
Nov 17 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5000/5500 Series ...
The vendor has assigned bug ID CSCva13631 to this vulnerability.
Impact: A remote user can cause the target ipsecmgr service to reload, dropping all active IPSec tunnels.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Note: -32- Cisco advisories were published Dec 7, 2016:

1 - 10
Cisco Email Security Appliance Content Filter Bypass Vulnerability
Medium CVE-2016-6465 2016 Dec 07 v2.0
- http://tools.cisco.c...sa-20161207-esa
Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
Medium CVE-2016-5195 2016 Dec 07 1.6
- http://tools.cisco.c...-20161026-linux
Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
High   CVE-2015-0642, CVE-2015-0643 2016 Dec 07 1.3
- http://tools.cisco.c...-20150325-ikev2
Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability
Medium     CVE-2016-9212 2016 Dec 07 1.0
- https://tools.cisco....a-20161207-wsa1
Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability
Medium     CVE-2016-6469 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-wsa
Cisco Firepower Management Center Information Disclosure Vulnerability
Medium     CVE-2016-6471 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-vdc
Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability
Medium     CVE-2016-6464 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-ucm
Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
Medium     CVE-2016-9200 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-pca
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Medium     CVE-2016-9214 2016 Dec 07 1.0
- https://tools.cisco....a-20161207-ise1
Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability
Medium     CVE-2016-9198 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-ise
___
11 - 20
Cisco IOS XR Software Default Credentials Vulnerability
Medium     CVE-2016-9215 2016 Dec 07 1.0
- https://tools.cisco....-20161207-iosxr
Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability
Medium     CVE-2016-9201 2016 Dec 07 1.0
- http://tools.cisco.c...0161207-ios-zbf
Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability
Medium     CVE-2016-9205 2016 Dec 07 1.0
- https://tools.cisco....20161207-ios-xr
Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability
Medium     CVE-2016-6474 2016 Dec 07 1.0
- http://tools.cisco.c...207-ios-xe-x509
Cisco IOS Frame Forwarding Denial of Service Vulnerability
Medium     CVE-2016-6473 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-ios
Cisco Intercloud Fabric Director Static Credentials Vulnerability
Medium     CVE-2016-9204 2016 Dec 07 1.0
- https://tools.cisco....sa-20161207-icf
Cisco Hybrid Media Service Privilege Escalation Vulnerability
Medium     CVE-2016-6470 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-hms
Cisco FirePOWER Malware Protection Bypass Vulnerability
Medium     CVE-2016-9209 2016 Dec 07 1.0
- https://tools.cisco....a-20161207-fpwr
Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability
Medium     CVE-2016-9193 2016 Dec 07 1.0
- http://tools.cisco.c...61207-firepower
Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability
Medium     CVE-2016-6449 2016 Dec 07 1.0
- http://tools.cisco.c...0161207-fireamp
___
21 - 30
Cisco Expressway Series Software Security Bypass Vulnerability
Medium     CVE-2016-9207 2016 Dec 07 1.0
- https://tools.cisco....1207-expressway
Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability
Medium     CVE-2016-9202 2016 Dec 07 1.0
- https://tools.cisco....a-20161207-esa1
Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability
Medium     CVE-2016-9210 2016 Dec 07 1.0
- https://tools.cisco....sa-20161207-cur
Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability
Medium     CVE-2016-9206 2016 Dec 07 1.0
- https://tools.cisco....a-20161207-cucm
Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability
Medium     CVE-2016-9211 2016 Dec 07 1.0
- https://tools.cisco....a-20161207-cons
Cisco Emergency Responder Directory Traversal Vulnerability
Medium     CVE-2016-9208 2016 Dec 07 1.0
- https://tools.cisco....a-20161207-cer1
Cisco Emergency Responder Cross-Site Request Forgery Vulnerability
Medium     CVE-2016-6468 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-cer
Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability
Medium     CVE-2016-9199 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-caf
Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability
Medium     CVE-2016-1411 2016 Dec 07 1.0
- https://tools.cisco....0161207-asyncos
Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability
Medium     CVE-2016-9203 2016 Dec 07 1.0
- https://tools.cisco....a-20161207-asr1
___
31 - 32
Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability
Medium     CVE-2016-6467 2016 Dec 07 1.0
- http://tools.cisco.c...sa-20161207-asr
Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability
Medium     CVE-2016-9192 2016 Dec 07 1.0
- http://tools.cisco.c...207-anyconnect1
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Advisory/Alert    Impact     CVE Last-Updated  Version

Cisco Expressway Series Software Security Bypass Vulnerability
Medium     CVE-2016-9207 2016 Dec 19     2.0
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
Medium     CVE-2015-8138, CVE-2016-7426 2016 Dec 15  1.3
Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
High    CVE-2015-6278, CVE-2015-6279 2016 Dec 08  1.2
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vuln
- https://tools.cisco....sa-20161221-cco
21 Dec 2016 v1.1 Critical - "Summary: A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. The vulnerability is due to a misconfiguration that causes the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker containers on the affected system with arbitrary privileges. As a secondary impact this may allow the attacker to gain root privileges on the affected CloudCenter Orchestrator. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available...
Vulnerable Products: This vulnerability affect all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface)...
This vulnerability has been fixed in the Cisco CloudCenter Orchestrator 4.6.2 patch release..."
CVE-2016-9223
Advisory ID: cisco-sa-20161221-cco
___

Cisco Jabber Guest Server HTTP URL Redirection Vuln
- https://tools.cisco....20161221-jabber
21 Dec 2016 v1.0 - "Summary: A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco Jabber Guest Server. An attacker could exploit this vulnerability by sending a crafted URL to the Cisco Jabber Guest Server. An exploit could allow an attacker to connect to arbitrary hosts. Workarounds that address this vulnerability are not available...
Vulnerable Products: This vulnerability affects Cisco Jabber Guest Server..."
- http://www.securityt....com/id/1037516
CVE Reference: CVE-2016-9224
Dec 21 2016
Impact: Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes
The vendor has assigned bug ID CSCvc31635 to this vulnerability.
Impact: A remote user can connect to arbitrary hosts via the target system.
Solution: The vendor has issued a fix...
___

Cisco Intercloud Fabric Database Static Credentials Vuln
- https://tools.cisco....sa-20161221-icf
21 Dec 2016 v1.0 - "Summary: A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. The vulnerability occurs because the database account uses static credentials. An attacker could exploit this vulnerability by using these credentials to connect to the database. The contents of the database can then be examined or modified. Note that this database contains only internal objects used by the application. The database does not contain other credentials. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers are affected..."
CVE-2016-9217
Cisco Bug IDs: CSCus99394
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...licationListing

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vuln
- https://tools.cisco....-20170118-cucm1
2017 Jan 19
___

Cisco Email Security Appliance Filter Bypass Vuln
- http://tools.cisco.c...sa-20170118-esa
2017 Jan 19
> http://www.securityt....com/id/1037656
___

Cisco WebEx Meeting Center
- http://tools.cisco.c...sa-20170118-wms
2017 Jan 18
> http://www.securityt....com/id/1037649

- http://tools.cisco.c...a-20170118-wms1
2017 Jan 18
> http://www.securityt....com/id/1037650

- http://tools.cisco.c...a-20170118-wms2
2017 Jan 18
> http://www.securityt....com/id/1037651

- http://tools.cisco.c...a-20170118-wms3
2017 Jan 18
> http://www.securityt....com/id/1037648

- http://tools.cisco.c...a-20170118-wms4
2017 Jan 18
> http://www.securityt....com/id/1037647
_______

Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing DoS Vuln
- https://tools.cisco....-20170118-nexus
2017 Jan 18
> http://www.securityt....com/id/1037658
___

Cisco IOS and Cisco IOx Software Information Disclosure Vuln
- https://tools.cisco....sa-20170118-ios
2017 Jan 18
> http://www.securityt....com/id/1037654
___

Cisco Unified Communications Manager Cross-Site Scripting Vuln
- https://tools.cisco....a-20170118-cucm
2017 Jan 18
> http://www.securityt....com/id/1037653
___

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vuln
- http://tools.cisco.c...-20170118-cucm1
2017 Jan 18
> http://www.securityt....com/id/1037655
___

Cisco Mobility Express 2800 and 3800 DoS Vuln
- https://tools.cisco....a-20170118-cme2
2017 Jan 18
___

Cisco IOS for Catalyst 2960X and 3750X Switches DoS Vuln
- http://tools.cisco.c...170118-catalyst
2017 Jan 18
> http://www.securityt....com/id/1037657
___

Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing DoS Vuln
- http://tools.cisco.c...sa-20170118-asr
2017 Jan 18
> http://www.securityt....com/id/1037652
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco WebEx Browser Extension Remote Code Execution Vuln
- https://tools.cisco....-20170124-webex
2017 Jan 24 v1.0 Critical - "Summary: A vulnerability in the Cisco WebEx browser extensions provided by Cisco WebEx Meetings Server and Cisco WebEx Meetings Center could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the use of a crafted pattern by the affected software. An attacker could exploit this vulnerability by directing a user to a web page that contains the crafted pattern and starting a WebEx session. The WebEx session could allow the attacker to execute arbitrary code on the affected system, which could be used to conduct further attacks. Cisco has begun to release software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects all current, previous, and deprecated versions of the Cisco WebEx browser extensions for Chrome, Firefox, and Internet Explorer for Windows... Cisco has confirmed that this vulnerability does not affect Cisco WebEx browser extensions for Mac or Linux, or Cisco WebEx browser extensions Microsoft Edge... There are no workarounds that address this vulnerability. However, administrators and users of Microsoft Windows systems can use Microsoft Edge to join and participate in WebEx sessions because Edge is not affected by this vulnerability. Additionally, administrators and users can remove all WebEx software from a Windows system by using the Meeting Services Removal Tool, which is available from: https://help.webex.com/docs/DOC-2672
Cisco Bug IDs: CSCvc86959, CSCvc88194
CVE-2017-3823

- http://arstechnica.c...ive-by-attacks/
1/23/2017 - "... The -critical- update is made available in version 1.0.3 of the WebEx extension for Chrome. It will be downloaded and run automatically, but given the severity, users should make sure it's installed immediately by clicking on the three vertical dots in the top right of Chrome. They should choose:
More Tools, Extensions, and view the information pertaining to WebEx. To force WebEx to update right away, users can check the 'Developer Mode' checkbox and click the 'Update extensions now' button."

> https://support.webe...#enable_plug-in
___

- http://www.securityt....com/id/1037680
CVE Reference: CVE-2017-3823
Jan 24 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): plugin version 1.0.3 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has developed a fix (Cisco WebEx Extension for Google Chrome version 1.0.5) and is releasing the fix for Cisco WebEx Meetings Server and Cisco WebEx Meetings Center...
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco TelePresence Multipoint Control Unit Remote Code Execution Vuln
- https://tools.cisco....25-telepresence
25 Jan 2017 v1.0 Critical - "Summary: A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: The following Cisco TelePresence MCU platforms are affected when running software version 4.3(1.68) or later configured for Passthrough content mode:
    TelePresence MCU 5300 Series
    TelePresence MCU MSE 8510
    TelePresence MCU 4500 ..."
- http://www.securityt....com/id/1037698
CVE Reference: CVE-2017-3792
Jan 25 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCuu67675 to this vulnerability.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (4.5(1.89))...
___

Cisco Expressway Series and TelePresence VCS DoS Vuln
- https://tools.cisco....0125-expressway
25 Jan 2017 v1.0 High - "Summary: A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable...
- http://www.securityt....com/id/1037697
CVE Reference: CVE-2017-3790
Jan 25 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCus99263 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix (X8.8.2)...
___

Cisco Adaptive Security Appliance CX Context-Aware Security DoS Vuln
- https://tools.cisco....sa-20170125-cas
25 Jan 2017 v1.0 High - "Summary: A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition.
Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects all versions of the ASA CX Context-Aware Security module...
Workarounds: There are no workarounds that address this vulnerability. The following mitigation helps limit exposure to this vulnerability. Configure ASA to drop any IP fragments it receives as follows:
        ASA# conf t
        ASA(config)# fragment chain 1
        ASA(config)# exit
Caution: Please note that this can be configured globally only, so it will affect all user traffic passing across the ASA, not only traffic specifically directed toward the Cisco ASA CX module. This configuration will result in all IP fragments being dropped by the ASA, even if this traffic will not be handled by the ASA CX module...
- http://www.securityt....com/id/1037696
CVE Reference: CVE-2016-9225
Jan 25 2017
The vendor has assigned bug ID CSCva62946 to this vulnerability.
Impact: A remote user can consume excessive memory resources on the target module and cause the module to stop processing traffic.
Solution: No solution was available at the time of this entry.
[Editor's note: The ASA CX module has entered the end-of-life (EoL) process and the vendor does not plan to issue a fix.]
___

Cisco WebEx Browser Extension Remote Code Execution Vuln
- https://tools.cisco....-20170124-webex

2017-Feb-4 v1.9 Critical - "Updated Internet Explorer information in the Vulnerable Products and Fixed Software sections..."

2017-Jan-31 v1.8 - "Added additional plugin identification information for Microsoft Internet Explorer. Added Cisco WebEx Productivity Tools to the list of products confirmed not affected..."
2017-Jan-31 v1.7 - "Added additional plugin identification information for affected browsers in Affected Products section. Additional clarifying information added to Fixed Software section. Added information about upgrading all clients to be compatible with the deployed site application version. Added product status information for Cisco WebEx Meetings Server 2.0 customers..."
2017-Jan-30 v1.6 - "Updated Affected Products and Fixed Software with correct version information for Internet Explorer..."
2017-Jan-29 v1.5 - "Updated Fixed Software table of fixed application versions for WebEx sites and customer premises installations..."
2017-Jan-28 v1.4 - "Updated Summary to reflect updates to all browser extensions. Updated Vulnerable Products to reflect updates to Firefox and Internet Explorer browser extension releases. Updated Fixed Software to include Firefox and Internet Explorer steps to confirm fixed software installation and table of fixed application versions for WebEx sites..."
2017-Jan-27 v1.3 - "Updated summary to include information about Firefox. Updated Vulnerable Products to include additional details about browser extension identification..."
2017-Jan-26 v1.2 - "Version 1.0.7 of the Cisco WebEx Extension for Chrome has been made available in the Google Chrome Web Store. Cisco is currently developing updates that address this vulnerability for Firefox and Internet Explorer. There are no workarounds that address this vulnerability..."
Updated summary to include Cisco WebEx Extension update. Updated Fixed Software to reflect Cisco WebEx Extension update for Chrome being available and added Cisco WebEx Meetings bug. Updated Vulnerable Products to no longer reflect Chrome. Updated Products Confirmed Not Vulnerable to reflect Chrome.
25 Jan 2017 v1.1 - "Updated details to better explain the vulnerability. Updated fixed software information to indicate that No Fixes are currently available. Previous release of the WebEx Plugin for Chrome version 1.0.5 was incomplete..."
Cisco bug ID's:
Cisco WebEx Meeting Centers: https://tools.cisco..../bug/CSCvc86959
Cisco WebEx Meetings Server: https://tools.cisco..../bug/CSCvc88194
Cisco WebEx Meetings: https://tools.cisco..../bug/CSCvc88535
Cisco WebEx Support Center: https://bst.cloudapp.../bug/CSCvc95044
Cisco WebEx Meetings Server: https://tools.cisco..../bug/CSCvc88194
Cisco WebEx Meetings: https://tools.cisco..../bug/CSCvc88535

> https://software.cis...19&flowid=76922

- http://www.securityt....com/id/1037680

- https://web.nvd.nist...d=CVE-2017-3823
Last revised: 02/01/2017
___

- https://www.kb.cert.org/vuls/id/909240
Last revised: 27 Jan 2017
 

Edited by AplusWebMaster, 05 February 2017 - 01:05 PM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Prime Home Authentication Bypass Vuln
- https://tools.cisco....0201-prime-home
2017 Feb 1 v1.0 Critical - "Summary: A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release...
Cisco Bug IDs: CSCvb49837
- https://web.nvd.nist...d=CVE-2017-3791
Last revised: 02/05/2017
CVSS v3 Base Score: 10.0

- https://www.us-cert....ecurity-Updates
Feb 01, 2017

- https://www.sans.org...ites/xix/10#306
"... Cisco is urging Internet service providers (ISPs) and others using the vulnerable systems to update as soon as possible... equipment typically deployed by ISPs; they will have to deploy the patch. Consumers will most likely not be able to do so..."
___

Cisco ASR 1000 Series Routers
- http://www.securityt....com/id/1037770
CVE Reference: CVE-2017-3820
Feb 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Version(s): ASR 1000; IOS XE 3.13.6S, 3.16.2S, 3.17.1S ...
The vendor has assigned bug ID CSCux68796 to this vulnerability.
Impact: A remote authenticated user can consume excessive CPU resources on the target system.
Solution: The vendor has issued a fix.
The vendor advisory is available at:
- https://tools.cisco....0170201-asrsnmp
___

Cisco Email Security Appliance Bug in MIME Scanner
- http://www.securityt....com/id/1037773
CVE Reference: CVE-2017-3818
Feb 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCvb65245 to this vulnerability.
Impact: A remote user can bypass security filters on the target system.
Solution: The vendor has issued a fix (9.8.0-092).
The vendor advisory is available at:
- https://tools.cisco....a-20170201-esa1
___

Cisco IOS XE on cBR-8 Converged Broadband Routers
- http://www.securityt....com/id/1037774
CVE Reference: CVE-2017-3824
Feb 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCux40637 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix (IOS XE 15.5(3)S2, 15.6(1)S1, 15.6(2)S, 15.6(2)SP, 16.4(1)).
The vendor advisory is available at:
- https://tools.cisco....sa-20170201-cbr
___

Cisco ASA Firepower Device Manager
- http://www.securityt....com/id/1037775
CVE Reference: CVE-2017-3822
Feb 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCvb86860 to this vulnerability.
Impact: A remote user can add arbitrary log entries on the target system.
Solution: The vendor has issued a fix (Cisco Firepower Threat Defense Software 6.2.0).
The vendor advisory is available at:
- https://tools.cisco....a-20170201-fpw2
___

Cisco FireSIGHT Firepower Management Center
- http://www.securityt....com/id/1037776
CVE Reference: CVE-2017-3809
Feb 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Version(s): FireSIGHT Management Center 1500, 3500
The vendor has assigned bug ID CSCvb95281 to this vulnerability.
Impact: A remote user can prevent full policy rule base deployment on the target system.
Solution: The vendor has issued a fix (Firepower Management Center 6.1.0.1, 6.2.0).
The vendor advisory is available at:
- https://tools.cisco....sa-20170201-fmc
 

Edited by AplusWebMaster, 07 February 2017 - 10:09 AM.

[AplusWebMaster]

FYI...

Cisco Clock Signal Component Failure Advisory
- https://www.us-cert....ailure-Advisory
Feb 6, 2017 - "Cisco has released a -hardware- advisory for a clock signal component used in some of its devices, which include switches and routers. Devices that contain the faulty component could potentially fail after 18 months of use. US-CERT encourages users and administrators to review the Cisco advisory* (link is external) for more information and replacement guidance."
* http://www.cisco.com...ock-signal.html
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vuln
- https://tools.cisco....0208-anyconnect
8 Feb 2017 v1.0 High - " Summary: A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: This vulnerability affects Cisco AnyConnect Secure Mobility Client for Windows when configured for SBL..."
- http://www.securityt....com/id/1037796
CVE Reference: CVE-2017-3813
Feb 8 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCvc43976 to this vulnerability.
Impact: A local user can obtain system privileges on the target system.
Solution: The vendor has issued a fix (4.3.05017, 4.4.00243)...
___

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vuln
- https://tools.cisco....sa-20170208-asa
8 Feb 2017 v1.1 High - " Summary: A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available...
Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability:
    Cisco ASA 5500 Series Adaptive Security Appliances
    Cisco ASA 5500-X Series Next-Generation Firewalls
    Cisco Adaptive Security Virtual Appliance (ASAv)
    Cisco ASA for Firepower 9300 Series
    Cisco ASA for Firepower 4100 Series
    Cisco ISA 3000 Industrial Security Appliance
Vulnerable Products: Cisco ASA Software is affected by this vulnerability if the Clientless SSL VPN portal is enabled...
- http://www.securityt....com/id/1037797
CVE Reference: CVE-2017-3807
Feb 8 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCvc23838 to this vulnerability.
Impact: A remote authenticated user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (9.1(7.13), 9.4(4), 9.6(2.10)).
The vendor plans to issue a fix for 9.2 and 9.5 in April 2017..."
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x
(-19- total posted 2017 Feb 15 / 1x 'Critical' - others 'Medium')

Cisco UCS Director Privilege Escalation Vuln
- https://tools.cisco....sa-20170215-ucs
15 Feb 2017 v1.0 Critical - "Summary: A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants.    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco UCS Director versions 6.0.0.0 and 6.0.0.1 are vulnerable..."
- http://www.securityt....com/id/1037830
CVE Reference: CVE-2017-3801
Feb 15 2017
Fix Available:  Yes  Vendor Confirmed:  Yes
Version(s): Director 6.0.0.0, 6.0.0.1 ...
The vendor has assigned bug ID CSCvb64765 to this vulnerability.
Impact: A remote authenticated user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix...

> https://www.us-cert....Security-Update
15 Feb 2017
___

Cisco Email Security Appliance
- http://www.securityt....com/id/1037831
CVE Reference: CVE-2017-3827
Feb 15 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.9.9-894, 10.0.0-203 ...
The vendor has assigned bug IDs CSCvb91473 and CSCvc76500 to this vulnerability.
Impact: A remote user can bypass configured security filters on the target system.
Solution: The vendor has issued a fix.
The vendor advisory is available at:
- https://tools.cisco....0170215-asyncos
___

Cisco Web Security Appliance
- http://www.securityt....com/id/1037832
CVE Reference: CVE-2017-3827
Feb 15 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.9.9-894, 10.0.0-203 ...
The vendor has assigned bug IDs CSCvb91473 and CSCvc76500 to this vulnerability.
Impact: A remote user can bypass configured security filters on the target system.
Solution: The vendor has issued a fix.
The vendor advisory is available at:
- https://tools.cisco....0170215-asyncos
___

... Others:

- http://www.securityt....com/id/1037833

- http://www.securityt....com/id/1037834

... See remaining posts here: http://www.securityt...mmary/9000.html
dated Feb 15 2017.
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco NetFlow Generation Appliance Stream Control Transmission Protocol DoS Vuln
- https://tools.cisco....sa-20170301-nga
2017 March 1 v1.0 High - "Summary: A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: The following Cisco NetFlow Generation Appliances are vulnerable:
    NGA 3140
    NGA 3240
    NGA 3340..."

- http://www.securityt....com/id/1037938
CVE Reference: CVE-2017-3826
Mar 1 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Models 3140, 3240, 3340 ...
The vendor has assigned bug ID CSCvc83320 to this vulnerability.
Impact: A remote user can cause the target device to hang or reload.
Solution: The vendor has issued a fix...
___

- https://www.us-cert....Security-Update
March 01, 2017
 

Edited by AplusWebMaster, 02 March 2017 - 04:28 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vuln Affecting Cisco Products
- https://tools.cisco....0170310-struts2
14 Mar 2017 v1.4 Critical - "Summary: On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a crafted Content-Type header value...
Vulnerable Products: The following table[1] lists Cisco products that are affected by the vulnerability described in this advisory. Detailed information regarding specific fixed software versions will be documented in the Cisco bugs listed in the Vulnerable Products table in this section of the advisory. The bugs are accessible through the Cisco Bug Search Tool. When planning a software upgrade, be sure to review the bugs directly because they will have the most current and up-to-date information...
1] See table at the URL above.
Indicators of Compromise: Cisco has released Cisco IPS Signature Sig-ID 7872-0 and Snort ID 41818 to help detect exploitation of this vulnerability..."
- https://web.nvd.nist...d=CVE-2017-5638
Advisory ID: cisco-sa-20170310-struts2
Revision History:
    Version     Description     Section     Status     Date
    1.5     Updated product lists.     Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable     Interim     2017-March-15
    1.4     Updated product lists.     Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable     Interim     2017-March-14 ...
Also see "Fixed Release Availability" at the Cisco URL above.

- http://www.securityt....com/id/1037988
CVE Reference: https://web.nvd.nist...d=CVE-2017-5638
Mar 14 2017
Vendor Confirmed:  Yes  Exploit Included:  Yes ...
Impact: A remote user can execute arbitrary operating system commands on the target system...
 

Edited by AplusWebMaster, 25 March 2017 - 10:50 AM.

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vuln
- https://tools.cisco....20170315-ap1800
15 Mar 2017 v1.0 Critical - "Summary: A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. To determine which software version is running on a device, administrators can use the web interface or issue the show version command from the CLI...
CVE-2017-3831
Cisco Bug IDs: CSCuy68219
___

Cisco StarOS SSH Privilege Escalation Vuln
- https://tools.cisco....sa-20170315-asr
15 Mar 2017 v1.0 High - "Summary: A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: The following products have been confirmed to be vulnerable:
- Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable.
- Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable...
CVE-2017-3819
Cisco Bug IDs: CSCva65853
___

Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vuln
- https://tools.cisco....sa-20170315-tes
15 Mar 2017 v1.0 High - "Summary: A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following products:
- Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later
- Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later...
CVE-2017-3846
Cisco Bug IDs: CSCvc90789
___

Cisco Meshed Wireless LAN Controller Impersonation Vuln
- https://tools.cisco....170315-wlc-mesh
15 Mar 2017 v1.0 High - "Summary: A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system. Cisco has released software updates that address this vulnerability. Note that additional configuration is needed in addition to upgrading to a fixed release. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following products running a vulnerable version of Wireless LAN Controller software and configured for meshed mode:
- Cisco 8500 Series Wireless Controller
- Cisco 5500 Series Wireless Controller
- Cisco 2500 Series Wireless Controller
- Cisco Flex 7500 Series Wireless Controller
- Cisco Virtual Wireless Controller
- Wireless Services Module 2 (WiSM2) ...
CVE-2017-3854
Cisco Bug IDs: CSCuc98992, CSCuu14804
___

- https://www.us-cert....ecurity-Updates
15 Mar 2017

MORE listed here:
> http://www.securityt...mmary/9000.html
... all dated Mar 15 2017
 

[AplusWebMaster]

FYI...

- https://tools.cisco....cationListing.x

Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vuln
- https://tools.cisco....sa-20170317-cmp
17 Mar 2017 v1.0 Critical - "Summary: A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:
- The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
- The incorrect processing of malformed CMP-specific Telnet options.
An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following Cisco devices when running a vulnerable Cisco IOS software release and configured to accept incoming Telnet connections...
(Long list of 'Cisco Catalyst xxxx' devices at the URL above.)

- http://www.securityt....com/id/1038059
CVE Reference: https://web.nvd.nist...d=CVE-2017-3881
Mar 17 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 15.0(2)SE10 ...
The vendor has assigned bug ID CSCvd48893 to this vulnerability.
[Editor's note: This vulnerability is included in the WikiLeaks "Vault 7" exploit collection.]
Impact: A remote user can cause the target system to reload.
A remote user can execute arbitrary code with elevated privileges on the target system.
Solution: The vendor has issued a fix (15.2(5.5.15i)E2)...
___

- https://www.helpnets...lt-7-data-dump/
Mar 20, 2017
 

Edited by AplusWebMaster, 20 March 2017 - 07:53 AM.