
Cisco advisories/updates


332 replies to this topic

#331 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 13 December 2017 - 11:48 AM

FYI...

- https://tools.cisco....cationListing.x

Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
- https://tools.cisco....-bleichenbacher
2017 Dec 12 v1.0
CVE-2017-17428
Cisco Bug IDs: CSCvg74693

- https://www.security....com/id/1039984
CVE Reference: CVE-2017-17428
Dec 12 2017
Impact: Disclosure of system information, Disclosure of user information
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 4710; ACE30 module ...
Impact: A remote user can decrypt TLS session data in certain cases.
Solution: No solution was available at the time of this entry.
The vendor does not plan to issue a fix for this product...
___

- https://www.us-cert....S-Vulnerability
Dec 13, 2017

TLS implementations...
- https://www.kb.cert..../id/CHEU-AT5U6H
Date Updated: 12 Dec 2017

TLS implementations...
- https://www.kb.cert.org/vuls/id/144389
Last revised: 13 Dec 2017
 

:ph34r: :ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#332 AplusWebMaster


Posted 17 January 2018 - 02:02 PM

FYI...

Cisco NX-OS Software Pong Packet DoS Vuln
- https://tools.cisco....-20180117-nx-os
2018 Jan 17 v1.0 High - "Summary: A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload.
Note: This vulnerability is exploitable only when all of the following are true:
  • The Pong tool is enabled on an affected device. The Pong tool is disabled in NX-OS by default.
  • The FabricPath feature is enabled on an affected device. The FabricPath feature is disabled in NX-OS by default.
  • A FabricPath port is actively monitored via a Switched Port Analyzer (SPAN) session. SPAN sessions are not configured or enabled in NX-OS by default.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
Cisco Bug IDs: CSCuv98660
___

Cisco Email Security and Content Security Management Appliance Privilege Escalation Vuln
- https://tools.cisco....20180117-esasma
2018 Jan 17 v1.0 High - "Summary: A vulnerability in the administrative shell of the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a set of crafted, malicious commands at the administrative shell. An exploit could allow the attacker to gain root access on the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
Cisco Bug IDs: CSCvb34303, CSCvb35726
___

Cisco Unified Customer Voice Portal DoS Vuln
- https://tools.cisco....sa-20180117-cvp
2018 Jan 17 v1.0 High - "Summary: A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
Cisco Bug IDs: CSCve85840
___

There are -17- other advisories listed here:
- https://tools.cisco....cationListing.x

and -5- more advisories listed here:
- https://tools.cisco....Vulnerabilities
all dated 2018 Jan 17.
___

Additional information:
- https://www.security....com/id/1040219
- https://www.security....com/id/1040220
- https://www.security....com/id/1040221
- https://www.security....com/id/1040222
- https://www.security....com/id/1040235

- https://www.security....com/id/1040236
- https://www.security....com/id/1040237
- https://www.security....com/id/1040238
- https://www.security....com/id/1040240
- https://www.security....com/id/1040242

- https://www.security....com/id/1040247
- https://www.security....com/id/1040248
- https://www.security....com/id/1040249
___

- https://www.us-cert....ecurity-Updates
2018 Jan 17

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 18 January 2018 - 10:33 AM.



#333 AplusWebMaster


Posted 22 February 2018 - 10:28 AM

FYI...

- https://tools.cisco....cationListing.x

Cisco Unified Communications Domain Manager Remote Code Execution Vuln
- https://tools.cisco....a-20180221-ucdm
2018 Feb 21 v1.0 Critical
- https://www.security....com/id/1040405
CVE Reference:  CVE-2018-0124
Feb 21 2018
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 11.5(2) ...
The vendor has assigned bug ID CSCuv67964 to this vulnerability.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (11.5(2))...
___

Cisco Elastic Services Controller Service Portal Authentication Bypass Vuln
- https://tools.cisco....sa-20180221-esc
2018 Feb 21 v1.0 Critical
___

Cisco Elastic Services Controller Service Portal Unauthorized Access Vuln
- https://tools.cisco....a-20180221-esc1
2018 Feb 21 v1.0 High
___

Cisco Unified Customer Voice Portal Interactive Voice Response Connection DoS Vuln
- https://tools.cisco....sa-20180221-cvp
2018 Feb 21 v1.0 High
___

More dated 2018 Feb 21:
- https://www.security....com/id/1040406
- https://www.security....com/id/1040407
- https://www.security....com/id/1040408
- https://www.security....com/id/1040409
- https://www.security....com/id/1040410
- https://www.security....com/id/1040411
- https://www.security....com/id/1040412
- https://www.security....com/id/1040413
- https://www.security....com/id/1040414
___

- https://www.us-cert....ltiple-Products
2018 Feb 21
 

:ph34r: :ph34r: :ph34r:


