
Cisco advisories/updates



#301 AplusWebMaster


Posted 21 March 2017 - 03:30 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar DoS Vuln
- https://tools.cisco....sa-20170320-ani
20 Mar 2017 v1.0 High - "Summary: A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics:
- Running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature
- Configured as an autonomic registrar
- Has a whitelist configured
An exploit could allow the attacker to cause the affected device to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco IOS Software and Cisco IOS XE Software devices with all the following characteristics:
- Running a release of Cisco IOS Software or Cisco IOS XE Software that supports the ANI feature
- Configured as an autonomic registrar
- Has a configured whitelist..."

- http://www.securityt....com/id/1038064
CVE Reference: https://web.nvd.nist...d=CVE-2017-3849
Mar 20 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCvc42717 to this vulnerability.
Impact: A remote user on the local network can cause the target system to reload.
Solution: The vendor has issued a fix...
___

Cisco IOS and IOS XE Software IPv6 DoS Vuln
- https://tools.cisco....0170320-aniipv6
20 Mar 2017 v1.0 High - "Summary: A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability:
- The device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured)
- The device must have a reachable IPv6 interface
An exploit could allow the attacker to cause the affected device to reload. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability..."

- http://www.securityt....com/id/1038065
CVE Reference: https://web.nvd.nist...d=CVE-2017-3850
Mar 20 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCvc42729 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix...
___

- https://www.us-cert....ecurity-Updates
March 21, 2017
 



Edited by AplusWebMaster, 22 March 2017 - 07:48 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#302 AplusWebMaster


Posted 23 March 2017 - 02:56 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco IOx Data in Motion Stack Overflow Vuln
- https://tools.cisco....sa-20170322-iox
2017 March 22 v1.0 Critical - "Summary: A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers:
    Cisco IR809
    Cisco IR829
Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable..."

- http://www.securityt....com/id/1038105
CVE Reference: CVE-2017-3853
Mar 22 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IR809, IR829; IOx 1.0.0.0, 1.1.0.0 ...
The vendor has assigned bug ID CSCuy52330 to this vulnerability.
Impact: A remote user can execute arbitrary code with root privileges on the target system.
Solution: The vendor has issued a fix...
___

Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning DoS Vuln
- https://tools.cisco....sa-20170322-ztp
2017 March 22 v1.0 High - "Summary: A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
This advisory is part of the March 22, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: March 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication:
> https://tools.cisco....ertId=ERP-60851
Vulnerable Products: This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port..."

- http://www.securityt....com/id/1038104
CVE Reference: CVE-2017-3859
Mar 22 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ASR 920 Series ...
ASR 920 Series routers that are configured to listen on the DHCP server port (port 67) are affected.
The vendor has assigned bug ID CSCuy56385 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix...
___

Cisco IOS XE Software HTTP Command Injection Vuln
- https://tools.cisco....a-20170322-xeci
2017 March 22 v1.0 High - "Summary: A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected web page parameter. The user must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco devices running Cisco IOS XE Software Release 16.2.1, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration interface was introduced in the Denali 16.2 Release of Cisco IOS XE Software. The web-based administration interface in earlier releases of Cisco IOS XE Software is not affected by this vulnerability..."

- http://www.securityt....com/id/1038102
CVE Reference: CVE-2017-3858
Mar 22 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): XE 16.2.1 ...
Systems with the HTTP Server enabled are affected.
The vendor has assigned bug ID CSCuy83069 to this vulnerability.
Impact: A remote authenticated user can execute arbitrary commands with root privileges on the target system.
Solution: The vendor has issued a fix...
___

Cisco IOS XE Software Web User Interface DoS Vuln
- https://tools.cisco....-20170322-webui
2017 March 22 v1.0 High - "Summary: A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. For information about which Cisco IOS XE Software releases are vulnerable, see the Fixed Software section* of this advisory..."
* https://tools.cisco....322-webui#fixed

- http://www.securityt....com/id/1038101
CVE Reference: CVE-2017-3856
Mar 22 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Systems with the management web interface enabled are affected.
The vendor has assigned bug ID CSCup70353 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix...
___

Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol DoS Vuln
- https://tools.cisco....a-20170322-l2tp
2017 March 22 v1.0 High - "Summary: A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. For information about which Cisco IOS and Cisco IOS XE Software releases are vulnerable, see the Fixed Software section* of this advisory..."
* https://tools.cisco....0322-l2tp#fixed

- http://www.securityt....com/id/1038100
CVE Reference: CVE-2017-3857
Mar 22 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Systems with L2TP enabled and configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint are affected.
The vendor has assigned bug ID CSCuy82078 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix...
___

Cisco IOS and IOS XE Software DHCP Client DoS Vuln
- https://tools.cisco....-20170322-dhcpc
2017 March 22 v1.0 High - "Summary: A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section* of this advisory..."
* https://tools.cisco....322-dhcpc#fixed

- http://www.securityt....com/id/1038103
CVE Reference: CVE-2017-3864
Mar 22 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
A remote user can send specially crafted DHCP packets to the target device that is configured as a DHCP client to trigger a DHCP parsing bug and cause the target device to reload.
The vendor has assigned bug IDs CSCsy76009 and CSCuu43892 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix...
___

Cisco Application-Hosting Framework Arbitrary File Creation Vuln
- https://tools.cisco....a-20170322-caf2
2017 March 22 v1.0 High - "Summary: A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following Cisco products:
- Cisco 800 Series Industrial Integrated Services Routers (IR800): Cisco IR809, Cisco IR829
- Cisco 4000 Series Integrated Services Routers (ISR4K): Cisco ISR4321, Cisco ISR4331, Cisco ISR4351, Cisco ISR4451
- Cisco ASR 1000 Series Aggregation Services Routers (ASR1K): Cisco ASR1001X, Cisco ASR1001HX, Cisco ASR1002X, Cisco ASR1002HX
Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable..."

- http://www.securityt....com/id/1038109
CVE Reference: CVE-2017-3852
Mar 23 2017
Impact: Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ASR1001X, ASR1001HX, ASR1002X, ASR1002HX; IOx 1.0.0.0, 1.1.0.0 ...
Description: A vulnerability was reported in Cisco IOx for ASR 1000 Series Routers. A remote authenticated user can write or modify files on the target system.
A remote user can send specially crafted requests to the target Cisco application-hosting framework (CAF) component to trigger an input validation flaw and write or modify arbitrary files on the target virtual instance running on the target device.
The vendor has assigned bug ID CSCuy52317 to this vulnerability.
Impact: A remote authenticated user can write or modify arbitrary files on the target virtual instance running on the target device.
Solution: The vendor has issued a fix (IOx 1.2.4.2)...
___

Cisco Application-Hosting Framework Directory Traversal Vuln
- https://tools.cisco....a-20170322-caf1
2017 March 22 v1.0 High - "Summary: A vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following Cisco products:
Product Series / Vulnerable Product
- Cisco 800 Series Industrial Integrated Services Routers (IR800): Cisco IR809, Cisco IR829
- Cisco 4000 Series Integrated Services Routers (ISR4K): Cisco ISR4321, Cisco ISR4331, Cisco ISR4351, Cisco ISR4451
- Cisco ASR 1000 Series Aggregation Services Routers (ASR1K): Cisco ASR1001X, Cisco ASR1001HX, Cisco ASR1002X, Cisco ASR1002HX
Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable..."

- http://www.securityt....com/id/1038107
CVE Reference: CVE-2017-3851
Mar 22 2017
Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IR809, IR829; IOx 1.0.0.0, 1.1.0.0 ...
A remote user can send specially crafted requests to the target Cisco application-hosting framework (CAF) component to trigger an input validation flaw and view arbitrary files on the target virtual instance running on the target device.
The vendor has assigned bug ID CSCuy52302 to this vulnerability.
Impact: A remote user can obtain arbitrary files on the target virtual instance running on the target device.
Solution: The vendor has issued a fix...
 



Edited by AplusWebMaster, 23 March 2017 - 03:54 AM.



#303 AplusWebMaster


Posted 06 April 2017 - 05:31 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vuln
- https://tools.cisco....sa-20170405-ame
2017 April 5 v1.0 Critical - "Summary: A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points..."
- http://www.securityt....com/id/1038181
CVE Reference: CVE-2017-3834
Apr 5 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): Models 1830, 1850; Mobility Express Software 8.2.x ...
Cisco Mobility Express Software versions 8.2.x are affected.
The vendor has assigned bug ID CSCva50691 to this vulnerability.
Impact: A remote user can gain access to the target system.
Solution: The vendor has issued a fix (Cisco Mobility Express Software Release 8.2.111.0)...
___

Cisco Wireless LAN Controller 802.11 WME DoS Vuln
- https://tools.cisco....sa-20170405-wlc
2017 April 5 v1.0 High - "Summary: A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Wireless LAN Controller. For information about fixed software releases, consult the Fixed Software section* of this advisory..."
* https://tools.cisco....70405-wlc#fixed

- http://www.securityt....com/id/1038182
CVE Reference: CVE-2016-9194
Apr 5 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.4 ...
The vendor has assigned bug ID CSCva86353 to this vulnerability.
Impact: A remote user on the wireless network can cause the target system to reload.
Solution: The vendor has issued a fix (8.0.140.0, 8.2.130.0, 8.3.111.0)...
___

Cisco Wireless LAN Controller IPv6 UDP DoS Vuln
- https://tools.cisco....a-20170405-wlc2
2017 April 5 v1.0 High - "Summary: A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. To determine which release of Cisco WLC Software is running on a device, administrators can use the web interface or the CLI..."
- http://www.securityt....com/id/1038183
CVE Reference: CVE-2016-9219
Apr 5 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.2.121.0, 8.3.102.0 ...
The vendor has assigned bug ID CSCva98592 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix (8.2.130.0, 8.3.111.0)...
___

Cisco Wireless LAN Controller Management GUI DoS Vuln
- https://tools.cisco....a-20170405-wlc3
2017 April 5 v1.0 High - "Summary: A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. To determine which release of Cisco WLC Software is running on a device, administrators can use the web interface or the CLI..."
- http://www.securityt....com/id/1038184
CVE Reference: CVE-2017-3832
Apr 5 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.3.102.0 ...
The vendor has assigned bug ID CSCvb48198 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix (8.3.111.0).
___

MORE listed here: http://www.securityt...mmary/9000.html
... dated Apr 5 2017 and Apr 6 2017.
___

- https://www.us-cert....ecurity-Updates
April 06, 2017
 



Edited by AplusWebMaster, 06 April 2017 - 06:00 AM.



#304 AplusWebMaster


Posted 20 April 2017 - 06:24 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco ASA Software DNS DoS Vuln
- https://tools.cisco....0170419-asa-dns
2017 April 19 v1.0 High - "Summary: A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information.
Note: Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco ASA Software running on the following products:
    Cisco ASA 1000V Cloud Firewall
    Cisco ASA 5500 Series Adaptive Security Appliances
    Cisco ASA 5500-X Series Next-Generation Firewalls
    Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
    Cisco Adaptive Security Virtual Appliance (ASAv)
    Cisco Firepower 9300 ASA Security Module
    Cisco ISA 3000 Industrial Security Appliance..."
- http://www.securityt....com/id/1038319
CVE Reference: CVE-2017-6607
Apr 20 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCvb40898 to this vulnerability.
Impact: A remote user can cause the target system to reload or corrupt information in the target system's local DNS cache.
Solution: The vendor has issued a fix (9.1(7.12), 9.2(4.18), 9.4(3.12), 9.5(3.2), 9.6(2.2))...
___

Cisco ASA Software IPsec DoS Vuln
- https://tools.cisco....70419-asa-ipsec
2017 April 19 v1.0 High - "Summary: A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco ASA Software running on the following products:
    Cisco ASA 1000V Cloud Firewall
    Cisco ASA 5500 Series Adaptive Security Appliances
    Cisco ASA 5500-X Series Next-Generation Firewalls
    Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
    Cisco Adaptive Security Virtual Appliance (ASAv)
    Cisco Firepower 9300 ASA Security Module
    Cisco ISA 3000 Industrial Security Appliance..."
- http://www.securityt....com/id/1038316
CVE Reference: CVE-2017-6609
Apr 20 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCun16158 to this vulnerability.
Impact: A remote authenticated user can cause the target system to reload.
Solution: The vendor has issued a fix (9.1(7.8), 9.2(4.15), 9.4(4), 9.5(3.2), 9.6(2))...
___

Cisco ASA Software SSL/TLS DoS Vuln
- https://tools.cisco....0170419-asa-tls
2017 April 19 v1.0 High - "Summary: A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco ASA Software running on the following products:
    Cisco ASA 1000V Cloud Firewall
    Cisco ASA 5500 Series Adaptive Security Appliances
    Cisco ASA 5500-X Series Next-Generation Firewalls
    Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
    Cisco Adaptive Security Virtual Appliance (ASAv)
    Cisco Firepower 9300 ASA Security Module
    Cisco ISA 3000 Industrial Security Appliance..."
- http://www.securityt....com/id/1038315
CVE Reference: CVE-2017-6608
Apr 20 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCuv48243 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix (8.4(7.31), 9.0(4.39), 9.1(7), 9.2(4.6), 9.3(3.8), 9.4(2), 9.5(2))...
___

Cisco ASA Software Internet Key Exchange Version 1 XAUTH DoS Vuln
- https://tools.cisco....70419-asa-xauth
2017 April 19 v1.0 High - "Summary: A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system.
The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco ASA Software running on the following products:
    Cisco ASA 1000V Cloud Firewall
    Cisco ASA 5500 Series Adaptive Security Appliances
    Cisco ASA 5500-X Series Next-Generation Firewalls
    Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
    Cisco Adaptive Security Virtual Appliance (ASAv)
    Cisco ASA for Firepower 9300 Series
    Cisco ISA 3000 Industrial Security Appliance..."
- http://www.securityt....com/id/1038314
CVE Reference: CVE-2017-6610
Apr 20 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCuz11685 to this vulnerability.
Impact: A remote authenticated user can cause the target system to reload.
Solution: The vendor has issued a fix (9.1(7.7), 9.2(4.11), 9.4(4), 9.5(3), 9.6(1.5))...
___

Cisco IOS and IOS XE Software EnergyWise DoS Vuln
- https://tools.cisco....0419-energywise
2017 April 19 v1.0 High - "Summary: Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities...
Vulnerable Products: Cisco devices that are running an affected release of Cisco IOS or Cisco IOS XE Software and configured for EnergyWise operation are affected by these vulnerabilities. For information about which Cisco IOS and Cisco IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.
Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. An attacker could exploit these vulnerabilities by using IPv4 packets sent on TCP or UDP port 43440. An exploit could cause a buffer overflow condition or cause the software to reload, leading to a DoS condition. The EnergyWise feature is -not- enabled by default on Cisco IOS and Cisco IOS XE devices...
- http://www.securityt....com/id/1038313
CVE Reference: CVE-2017-3860, CVE-2017-3861, CVE-2017-3862, CVE-2017-3863
Apr 20 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug IDs CSCur29331, CSCut47751, CSCut50727, and CSCuu76493 to these vulnerabilities.
Impact: A remote user can cause the target system to crash.
Solution: The vendor has issued a fix...
___

-MORE- listed here: https://tools.cisco....cationListing.x
... rated "High" dated: 2017 April 19
___

- https://www.us-cert....ecurity-Updates
April 19, 2017
 


#305 AplusWebMaster

Posted 04 May 2017 - 08:35 AM

FYI...

- http://tools.cisco.c...licationListing

Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vuln
- https://tools.cisco....170503-cvr100w1
2017 May 3 v1.0 Critical - "Summary: A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2–adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router -prior- to Firmware Release 1.0.1.22..."
- http://www.securityt....com/id/1038391
CVE Reference: CVE-2017-3882
May 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): CVR100W; firmware prior to 1.0.1.22...
The vendor has assigned bug ID CSCuz72642 to this vulnerability.
Impact: A remote user on the local network can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (CVR100W firmware version 1.0.1.22)...
___

Cisco IOS XR Software DoS Vuln
- https://tools.cisco....20170503-ios-xr
2017 May 3 v1.0 High - "Summary: A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects all Cisco IOS XR platforms that are running release 6.1.1 of Cisco IOS XR Software when the gRPC service is enabled on the device. The gRPC service is -not- enabled by default...
- http://www.securityt....com/id/1038393
CVE Reference: CVE-2017-3876
May 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IOS XR 6.1.1 ...
The vendor has assigned bug ID CSCvb14441 to this vulnerability.
Solution: The vendor has issued a fix (XR 6.1.2)...
___

Cisco TelePresence ICMP DoS Vuln
- https://tools.cisco....sa-20170503-ctp
2017 May 3 v1.0 High - "Summary: A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1.
    Spark Room OS
    TelePresence MX Series
    TelePresence SX Quick Set Series
    TelePresence SX Series...
- http://www.securityt....com/id/1038392
CVE Reference: CVE-2017-3825
May 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, CE8.3.1
The vendor has assigned bug ID CSCvb95396 to this vulnerability.
Impact: A remote user can cause the target system to reload, terminating calls.
Solution: The vendor has issued a fix...
___

Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vuln
- https://tools.cisco....sa-20170503-cme
2017 May 3 v1.0 High - "Summary: A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco has confirmed that the only vulnerable software version for this advisory is 8.3.102.0 on the following products running either the Lightweight AP Software or Mobility Express image:
    Cisco Aironet 1800 Series Access Points
    Cisco Aironet 2800 Series Access Points
    Cisco Aironet 3800 Series Access Points...
- http://www.securityt....com/id/1038394
CVE Reference: CVE-2017-3873
May 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Models 1800, 2800, 3800; version 8.3.102.0 only ...
The vendor has assigned bug ID CSCvb42386 to this vulnerability.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (8.3.112.0)...
___

MORE listed here:
- https://tools.cisco....cationListing.x
... and here:
- http://www.securityt...mmary/9000.html
... dated May 3 2017.
___

- https://www.us-cert....ecurity-Updates
May 03, 2017
 



#306 AplusWebMaster

Posted 10 May 2017 - 09:33 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vuln
- https://tools.cisco....sa-20170317-cmp
Last Updated: 2017 May 8 - v1.4 - Critical - "Summary: A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:
• The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
• The incorrect processing of malformed CMP-specific Telnet options.
An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects the following Cisco devices when running a vulnerable Cisco IOS software release and configured to accept incoming Telnet connections:
Cisco Catalyst Switch (also -many- other models; check-the-models-listed)...
Note:
Checking for the presence of the CMP subsystem is only required on devices running Cisco IOS XE Software, -not- Cisco IOS Software.
Checking if the device is configured to accept Telnet connections is required for devices running either Cisco IOS -or- Cisco IOS XE Software.
Cisco devices running a vulnerable Cisco IOS XE release are affected by this vulnerability when the following conditions are met:
- The CMP subsystem is present on the Cisco IOS XE software image running on the device, and
- The device is configured to accept incoming Telnet connections..."
CVE-2017-3881: https://nvd.nist.gov...l/CVE-2017-3881
Cisco Bug IDs: CSCvd48893

> http://securitytracker.com/id/1038059

> http://securitytracker.com/id/1038179

> https://www.helpnets...tch-0day-patch/
May 10, 2017
 


Edited by AplusWebMaster, 10 May 2017 - 09:33 AM.



#307 AplusWebMaster

Posted 11 May 2017 - 04:32 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco WebEx Meetings Server Information Disclosure Vuln
- https://tools.cisco....a-20170510-cwms
2017 May 10 v1.0 High - "Summary: A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. Cisco has released software updates that address this vulnerability. Workarounds are available to address this vulnerability...
Vulnerable Products: This vulnerability affects the following releases of Cisco WebEx Meetings Server:
    2.5
    2.6
    2.7
    2.8 ..."

- http://www.securityt....com/id/1038459
CVE Reference: CVE-2017-6651
May 10 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.5, 2.6, 2.7, 2.8 ...
The vendor has assigned bug ID CSCve25950 to this vulnerability.
Impact: A remote user can obtain scheduled meeting information and potentially attend scheduled, customer meetings.
Solution: The vendor has issued a fix...
___

- https://www.us-cert....Security-Update
May 10, 2017
 



#308 AplusWebMaster

Posted 12 May 2017 - 12:51 PM

FYI...

- https://tools.cisco....cationListing.x

Cisco Integrated Management Controller DoS Vuln
- https://tools.cisco....sa-20151211-imc
2017 May 11 v1.1 - "Summary: A vulnerability in Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to make the IMC IP interface inaccessible. The vulnerability is due to incomplete sanitization of input for certain parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the IMC. A successful exploit could allow the attacker to cause the IMC to become inaccessible via the IP interface, resulting in a denial of service (DoS) condition. There are workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Unified Computing System Software.
Workarounds: Administrators may consider performing a factory reset on affected systems..."
- http://www.securityt....com/id/1038475
CVE Reference: CVE-2015-6399
May 12 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug ID CSCuv38286 to this vulnerability.
Impact: A remote authenticated user can cause the target service to become inaccessible.
Solution: The vendor has issued a fix (2.0(9c))...
___

MORE listed here:
> https://tools.cisco....cationListing.x
... dated 2017 May 11-12.
 


Edited by AplusWebMaster, 12 May 2017 - 12:58 PM.



#309 AplusWebMaster

Posted 17 May 2017 - 02:16 PM

FYI...

- https://tools.cisco....cationListing.x

Cisco Prime Collaboration Provisioning Authentication Bypass Vuln
- https://tools.cisco....a-20170517-pcp1
2017 May 17 v1.0 Critical

Cisco TelePresence IX5000 Series Directory Traversal Vuln
- https://tools.cisco....presence-ix5000
2017 May 17 v1.0 High

Cisco Prime Collaboration Provisioning Information Disclosure Vuln
- https://tools.cisco....a-20170517-pcp2
2017 May 17 v1.0 High

Cisco Policy Suite Privilege Escalation Vuln
- https://tools.cisco....sa-20170517-cps
2017 May 17 v1.0 High

-19- More dated 2017 May 17 listed here:
- https://tools.cisco....cationListing.x

Additional info:
> http://www.securityt....com/id/1038507
> http://www.securityt....com/id/1038508
> http://www.securityt....com/id/1038509
> http://www.securityt....com/id/1038511
> http://www.securityt....com/id/1038512
> http://www.securityt....com/id/1038513
> http://www.securityt....com/id/1038514
> http://www.securityt....com/id/1038515
> http://www.securityt....com/id/1038516
> http://www.securityt....com/id/1038517
> http://www.securityt....com/id/1038518
May 17 2017
___

- https://www.us-cert....ecurity-Updates
May 17, 2017
 


Edited by AplusWebMaster, 18 May 2017 - 11:53 AM.



#310 AplusWebMaster

Posted 08 June 2017 - 06:36 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco Prime Data Center Network Manager Debug Remote Code Execution Vuln
- https://tools.cisco....-20170607-dcnm1
2017 June 7 v1.0 Critical - "Summary: A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms..."
- http://www.securityt....com/id/1038626
CVE Reference: CVE-2017-6639
Jun 7 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.1(1), 10.1(2) ...
The vendor has assigned bug ID CSCvd09961 to this vulnerability.
Impact: A remote user can execute arbitrary code with root privileges on the target system.
Solution: The vendor has issued a fix...
___

Cisco Prime Data Center Network Manager Server Static Credential Vuln
- https://tools.cisco....-20170607-dcnm2
2017 June 7 v1.0 Critical - "Summary: A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
- http://www.securityt....com/id/1038625
CVE Reference: CVE-2017-6640
Jun 7 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.2(1) ...
The vendor has assigned bug ID CSCvd95346 to this vulnerability.
Impact: A remote user can gain access to the target system, potentially with root-level or system-level privileges.
Solution: The vendor has issued a fix...
___

Cisco AnyConnect Local Privilege Escalation Vuln
- https://tools.cisco....0607-anyconnect
2017 June 7 v1.0 High - "Summary: A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability..."
- http://www.securityt....com/id/1038627
CVE Reference: CVE-2017-6638
Jun 7 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 4.4.02034 ...
The vendor has assigned bug ID CSCvc97928 to this vulnerability.
Impact: A local user can obtain system privileges on the target system.
Solution: The vendor has issued a fix (4.4.02034)...
___

Cisco TelePresence Endpoint DoS Vuln
- https://tools.cisco....a-20170607-tele
2017 June 7 v1.0 High - "Summary: A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
- http://www.securityt....com/id/1038624
CVE Reference: CVE-2017-6648
Jun 7 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to TC 7.3.8, prior to CE 8.3.0 ...
The vendor has assigned bug ID CSCux94002 to this vulnerability.
Impact: A remote user can cause the target device to reload.
Solution: The vendor has issued a fix...
___

Additional advisories:
- http://www.securityt....com/id/1038628
- http://www.securityt....com/id/1038630
- http://www.securityt....com/id/1038631
- http://www.securityt....com/id/1038632
- http://www.securityt....com/id/1038633
- http://www.securityt....com/id/1038634
- http://www.securityt....com/id/1038635
- http://www.securityt....com/id/1038636
- http://www.securityt....com/id/1038637
- http://www.securityt....com/id/1038638

A total of -20- Cisco advisories dated 2017 Jun 07 are listed here:
> https://tools.cisco....cationListing.x
... and -13- more dated 2017 Jun 07 listed here:
> https://tools.cisco....Vulnerabilities
___

- https://www.us-cert....ecurity-Updates
June 07, 2017
 



#311 AplusWebMaster

Posted 22 June 2017 - 04:24 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco Virtualized Packet Core-Distributed Instance DoS Vuln
- https://tools.cisco....sa-20170621-vpc
2017 June 21 v1.0 High - "Summary: A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core−Distributed Instance (VPC−DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP packets to the distributed instance (DI) network addresses of both CF instances on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability can be exploited via IPv4 traffic only. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...  
Vulnerable Products: This vulnerability affects Cisco Virtualized Packet Core−Distributed Instance (VPC−DI) Software running any release of the Cisco StarOS operating system prior to the first fixed release..."
CVE-2017-6678
Cisco Bug IDs: CSCvc01665, CSCvc35565
___

Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulns
- https://tools.cisco....a-20170621-wnrp
2017 June 21 v1.0 High - "Summary: A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core−Distributed Instance (VPC−DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP packets to the distributed instance (DI) network addresses of both CF instances on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability can be exploited via IPv4 traffic only. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco Virtualized Packet Core−Distributed Instance (VPC−DI) Software running any release of the Cisco StarOS operating system prior to the first fixed release..."
- http://www.securityt....com/id/1038737
CVE Reference: CVE-2017-6669
Jun 21 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
The vendor has assigned bug IDs CSCvc47758, CSCvc51227, and CSCvc51242 to this vulnerability.
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix...
___

Cisco Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vuln
- https://tools.cisco....0170621-piepnm1
2017 June 21 v1.0 High - "Summary: A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable..."
- http://www.securityt....com/id/1038750
CVE Reference: CVE-2017-6662
Jun 21 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.1 - 3.1.6 ...
The vendor has assigned bug ID CSCvc23894 to this vulnerability.
Impact: A remote authenticated user can read and write files and execute arbitrary code on the target system.
Solution: The vendor has issued a fix...
___

Additional advisories:
- http://www.securityt....com/id/1038738
- http://www.securityt....com/id/1038740
- http://www.securityt....com/id/1038741
- http://www.securityt....com/id/1038744
- http://www.securityt....com/id/1038747
- http://www.securityt....com/id/1038748
- http://www.securityt....com/id/1038749
- http://www.securityt....com/id/1038751

A total of -20- Cisco advisories dated 2017 Jun 21 are listed here:
> https://tools.cisco....cationListing.x
... and -3- more dated 2017 Jun 21 listed here:
> https://tools.cisco....Vulnerabilities
___

- https://www.us-cert....ecurity-Updates
June 21, 2017
 

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#312 AplusWebMaster

Posted 30 June 2017 - 03:38 AM

FYI...

- https://tools.cisco....cationListing.x

SNMP Remote Code Execution Vulns in Cisco IOS and IOS XE
- https://tools.cisco....a-20170629-snmp
2017 June 29 v1.0 High - "Summary: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload. Cisco will release software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities...
Vulnerable Products: These vulnerabilities affect all releases of Cisco IOS and IOS XE Software prior to the first fixed release and they affect all versions of SNMP—Versions 1, 2c, and 3..."
- http://www.securityt....com/id/1038808
CVE Reference: CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744
Jun 29 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IOS and IOS XE ...
The vendor has assigned bug IDs CSCve54313, CSCve57697, CSCve60276, CSCve60376, CSCve60402, CSCve60507, CSCve66540, CSCve66601, CSCve66658, CSCve78027, and CSCve89865 to these vulnerabilities.
Impact: A remote authenticated user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix...
___

- https://www.us-cert....ecurity-Updates
June 30, 2017
 

Edited by AplusWebMaster, 01 July 2017 - 06:34 AM.



#313 AplusWebMaster

Posted 05 July 2017 - 05:43 PM

FYI...

- https://tools.cisco....cationListing.x

Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vuln
- https://tools.cisco....a-20170705-usf3
2017 July 5 v1.0 Critical - "... Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
CVE-2017-6714
Cisco Bug IDs: CSCvc76673
___

Cisco Ultra Services Framework UAS Unauthenticated Access Vuln
- https://tools.cisco....sa-20170705-uas
2017 July 5 v1.0 Critical - "... Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
CVE-2017-6711
Cisco Bug IDs: CSCvd29395
___

Cisco Elastic Services Controller Unauthorized Access Vuln
- https://tools.cisco....a-20170705-esc2
2017 July 5 v1.0 Critical - "... Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
CVE-2017-6713
Cisco Bug IDs: CSCvc76627
___

Cisco Ultra Services Framework AutoVNF Log File User Credential Information Disclosure Vuln
- https://tools.cisco....a-20170705-usf2
2017 July 5 v1.0 High - "... Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
CVE-2017-6709
Cisco Bug IDs: CSCvc76659
___

Additional info:
... There are -16- more dated 2017 July 5 listed here:
- https://tools.cisco....cationListing.x
___

Additional info:
- http://www.securityt....com/id/1038818
- http://www.securityt....com/id/1038819
- http://www.securityt....com/id/1038820
- http://www.securityt....com/id/1038821
- http://www.securityt....com/id/1038822
- http://www.securityt....com/id/1038823
- http://www.securityt....com/id/1038824
- http://www.securityt....com/id/1038825
- http://www.securityt....com/id/1038826
___

- https://www.us-cert....ecurity-Updates
July 05, 2017
 

Edited by AplusWebMaster, 06 July 2017 - 03:55 AM.



#314 AplusWebMaster

Posted 14 July 2017 - 04:27 AM

FYI...

- https://tools.cisco....cationListing.x

SNMP Remote Code Execution Vulns in Cisco IOS and IOS XE Software
- https://tools.cisco....a-20170629-snmp
2017 July 12 v1.4 High - "Summary: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.
Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco has released software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities...
Vulnerable Products: These vulnerabilities affect all releases of Cisco IOS and IOS XE Software prior to the first fixed release and they affect all versions of SNMP—Versions 1, 2c, and 3..."

- http://www.securityt....com/id/1038808
CVE Reference: CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744
Jun 29 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IOS and IOS XE ...
The vendor has assigned bug IDs CSCve54313, CSCve57697, CSCve60276, CSCve60376, CSCve60402, CSCve60507, CSCve66540, CSCve66601, CSCve66658, CSCve78027, and CSCve89865 to these vulnerabilities.
Impact: A remote authenticated user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix...
___

- https://www.us-cert....ecurity-Updates
July 13, 2017
 

Edited by AplusWebMaster, 14 July 2017 - 07:38 AM.



#315 AplusWebMaster

Posted 18 July 2017 - 04:11 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco WebEx Browser Extension Remote Code Execution Vuln
- https://tools.cisco....-20170717-webex
2017 July 17 v1.0 Critical - "Summary: A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. Cisco has released software updates for Google Chrome and Mozilla Firefox that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: This vulnerability affects Cisco WebEx extensions for Windows when running on most supported browsers. The affected browsers are Google Chrome and Mozilla Firefox. The following versions of the Cisco WebEx browser extensions are affected by the vulnerability described in this document:
    Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome
    Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox ..."
Cisco Bug IDs (6): CSCvf15012, CSCvf15020, CSCvf15030, CSCvf15033, CSCvf15036, CSCvf15037
CVE-2017-6753
- http://www.securityt....com/id/1038909
CVE Reference: CVE-2017-6753
Jul 17 2017
Version(s): prior to browser extension version 1.0.12
The vendor has assigned bug ID CSCvf15036 to this vulnerability...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (browser extension version 1.0.12 for Chrome, browser extension version 1.0.12 for Firefox)...
- http://www.securityt....com/id/1038910
CVE Reference: CVE-2017-6753
Jul 17 2017
Version(s): prior to browser extension version 1.0.12
The vendor has assigned bug ID CSCvf15012 to this vulnerability.
Cisco WebEx Training Center and Cisco WebEx Support Center are also affected.
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (browser extension version 1.0.12 for Chrome, browser extension version 1.0.12 for Firefox)...
- http://www.securityt....com/id/1038911
CVE Reference: CVE-2017-6753
Jul 17 2017
Version(s): prior to browser extension version 1.0.12
The vendor has assigned bug ID CSCvf15020 to this vulnerability.
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (browser extension version 1.0.12 for Chrome, browser extension version 1.0.12 for Firefox)...
___

- https://www.cisecuri...de-execution-2/
07/18/2017
___

- https://www.us-cert....ecurity-Updates
July 17, 2017
 

Edited by AplusWebMaster, 25 July 2017 - 08:34 AM.
