Cisco Security Advisories

Cisco StarOS Arbitrary File Modification Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system.

The vulnerability is due to insufficient input validation by the affected operating system. An attacker could exploit this vulnerability by sending crafted command-line requests to an affected system. A successful exploit could allow the attacker to overwrite or modify arbitrary files on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system.

The vulnerability is due to insufficient input validation by the affected operating system. An attacker could exploit this vulnerability by sending crafted command-line requests to an affected system. A successful exploit could allow the attacker to overwrite or modify arbitrary files on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros
Security Impact Rating: Medium
CVE: CVE-2017-6690
Categories: Security Alerts

Cisco IP Phone 8800 Series SIP Denial of Service Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts.

The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition when all phone calls are dropped, due to the SIP process unexpectedly restarting.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-sip A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts.

The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition when all phone calls are dropped, due to the SIP process unexpectedly restarting.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-sip
Security Impact Rating: Medium
CVE: CVE-2017-6656
Categories: Security Alerts

Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

For additional information about cross-site request forgery attacks and potential mitigation methods, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Request Forgery Threat Vectors.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

For additional information about cross-site request forgery attacks and potential mitigation methods, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Request Forgery Threat Vectors.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca
Security Impact Rating: Medium
CVE: CVE-2017-6659
Categories: Security Alerts

Cisco NX-OS Software Fibre Channel over Ethernet Denial of Service Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads.

The vulnerability is due to a lack of proper FCoE frame padding validation. An attacker could exploit this vulnerability by sending a stream of crafted FCoE frames to the targeted device. An exploit could allow the attacker to cause a DoS condition, which would impact FCoE traffic passing through the device. The attacker's server must be directly connected to the FCoE interface on the device that is running Cisco NX-OS Software to exploit this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-nxos A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads.

The vulnerability is due to a lack of proper FCoE frame padding validation. An attacker could exploit this vulnerability by sending a stream of crafted FCoE frames to the targeted device. An exploit could allow the attacker to cause a DoS condition, which would impact FCoE traffic passing through the device. The attacker's server must be directly connected to the FCoE interface on the device that is running Cisco NX-OS Software to exploit this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-nxos
Security Impact Rating: Medium
CVE: CVE-2017-6655
Categories: Security Alerts

Cisco Network Convergence System 5500 Series Routers Local Denial of Service Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition.

The vulnerability occurs because adjacency information for a Traffic Engineering (TE) tunnel's physical source interface is not propagated to hardware after the adjacency is lost. This information needs to be relearned. An attacker could exploit this vulnerability by logging in to the router's CLI with administrator privileges and issuing the clear arp-cache command.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition.

The vulnerability occurs because adjacency information for a Traffic Engineering (TE) tunnel's physical source interface is not propagated to hardware after the adjacency is lost. This information needs to be relearned. An attacker could exploit this vulnerability by logging in to the router's CLI with administrator privileges and issuing the clear arp-cache command.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs
Security Impact Rating: Medium
CVE: CVE-2017-6666
Categories: Security Alerts

Cisco Industrial Network Director Cross-Site Scripting Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system.

The vulnerability is due to insufficient validation of certain user-supplied input passed in the URL of an affected page. An attacker who can convince a user to follow a malicious link or visit an attacker-controlled website could cause arbitrary HTML or script code to be executed in the context of the affected site in the user’s browser. This could result in the attacker gaining the ability to disclose potentially sensitive information from the browser or modify the visual and operational conditions of the rendered URL.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system.

The vulnerability is due to insufficient validation of certain user-supplied input passed in the URL of an affected page. An attacker who can convince a user to follow a malicious link or visit an attacker-controlled website could cause arbitrary HTML or script code to be executed in the context of the affected site in the user’s browser. This could result in the attacker gaining the ability to disclose potentially sensitive information from the browser or modify the visual and operational conditions of the rendered URL.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind
Security Impact Rating: Medium
CVE: CVE-2017-6675
Categories: Security Alerts

Cisco Firepower Management Center Information Disclosure Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance.

The vulnerability is due to verbose output in HTTP log files. An attacker could retrieve the log files from an affected system and use the information to conduct further attacks.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-fmc A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance.

The vulnerability is due to verbose output in HTTP log files. An attacker could retrieve the log files from an affected system and use the information to conduct further attacks.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-fmc
Security Impact Rating: Medium
CVE: CVE-2017-6673
Categories: Security Alerts

Cisco Elastic Services Controller Web Interface System Credentials Information Disclosure Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive credentials that are stored in an affected system.

The vulnerability exists because the affected software does not sufficiently control access to the credential repository on an affected system. An attacker could exploit this vulnerability while accessing the web user interface of an affected system. A successful exploit could allow the attacker to access and retrieve sensitive system credentials from the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc9 A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive credentials that are stored in an affected system.

The vulnerability exists because the affected software does not sufficiently control access to the credential repository on an affected system. An attacker could exploit this vulnerability while accessing the web user interface of an affected system. A successful exploit could allow the attacker to access and retrieve sensitive system credentials from the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc9
Security Impact Rating: Medium
CVE: CVE-2017-6697
Categories: Security Alerts

Cisco Elastic Services Controller User Credentials Information Disclosure Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive credentials that are stored in an affected system.

The vulnerability exists because the affected software does not sufficiently control access to the credential repository on an affected system. An attacker could exploit this vulnerability by accessing certain files on an affected system via the command line. A successful exploit could allow the attacker to retrieve sensitive user credentials from the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8 A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive credentials that are stored in an affected system.

The vulnerability exists because the affected software does not sufficiently control access to the credential repository on an affected system. An attacker could exploit this vulnerability by accessing certain files on an affected system via the command line. A successful exploit could allow the attacker to retrieve sensitive user credentials from the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8
Security Impact Rating: Medium
CVE: CVE-2017-6696
Categories: Security Alerts

Cisco Elastic Services Controller Unauthorized Directory Access Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system.

The vulnerability exists because the affected component does not sufficiently protect files that are stored in the file system. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access and manipulate files on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc7 A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system.

The vulnerability exists because the affected component does not sufficiently protect files that are stored in the file system. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access and manipulate files on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc7
Security Impact Rating: Medium
CVE: CVE-2017-6693
Categories: Security Alerts

Cisco Elastic Services Controller Information Disclosure Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system.

The vulnerability is due to improper permissions that are set for certain files by the affected service. An attacker could exploit this vulnerability to gain access to sensitive information on an affected system, which could lead to further attacks.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6 A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system.

The vulnerability is due to improper permissions that are set for certain files by the affected service. An attacker could exploit this vulnerability to gain access to sensitive information on an affected system, which could lead to further attacks.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6
Security Impact Rating: Medium
CVE: CVE-2017-6691
Categories: Security Alerts

Cisco Elastic Services Controller Insecure Default Administrator Credentials Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user.

The vulnerability is due to the existence of a default, weak, hard-coded password for the admin user of an affected system. An attacker could exploit this vulnerability by logging in to an affected system via Secure Shell (SSH) on TCP port 2024 and using the default password to authenticate to the system as the admin user. A successful exploit could allow the attacker to log in to the affected system as the admin user and perform actions associated with the privileges of the admin user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc5 A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user.

The vulnerability is due to the existence of a default, weak, hard-coded password for the admin user of an affected system. An attacker could exploit this vulnerability by logging in to an affected system via Secure Shell (SSH) on TCP port 2024 and using the default password to authenticate to the system as the admin user. A successful exploit could allow the attacker to log in to the affected system as the admin user and perform actions associated with the privileges of the admin user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc5
Security Impact Rating: Medium
CVE: CVE-2017-6689
Categories: Security Alerts

Cisco Elastic Services Controller Insecure Default Password Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user.

The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux root user of an affected system. A successful exploit could allow the attacker to log in to the affected system as the Linux root user and perform actions associated with the privileges of the root user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4 A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user.

The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux root user of an affected system. A successful exploit could allow the attacker to log in to the affected system as the Linux root user and perform actions associated with the privileges of the root user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4
Security Impact Rating: Medium
CVE: CVE-2017-6688
Categories: Security Alerts

Cisco Elastic Services Controller Insecure Default Credentials Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user.

The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux admin user of an affected system. A successful exploit could allow the attacker to log in to the affected system as the Linux admin user and perform actions associated with the privileges of the admin user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3 A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user.

The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux admin user of an affected system. A successful exploit could allow the attacker to log in to the affected system as the Linux admin user and perform actions associated with the privileges of the admin user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3
Security Impact Rating: Medium
CVE: CVE-2017-6684
Categories: Security Alerts

Cisco Elastic Services Controller Authentication Request Processing Arbitrary Command Execution Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system.

The vulnerability is due to insufficient sanitization of arguments that are passed while authenticating to the monitoring daemon on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the monitoring daemon via TCP port 6000 on an affected system. A successful exploit could allow the attacker to execute arbitrary commands as the tomcat user on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc2 A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system.

The vulnerability is due to insufficient sanitization of arguments that are passed while authenticating to the monitoring daemon on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the monitoring daemon via TCP port 6000 on an affected system. A successful exploit could allow the attacker to execute arbitrary commands as the tomcat user on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc2
Security Impact Rating: Medium
CVE: CVE-2017-6683
Categories: Security Alerts

Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system.

The vulnerability is due to insufficient sanitization of commands that are permitted to run from the ConfD CLI of an affected system. An attacker could exploit this vulnerability by breaking from the restricted shell of the ConfD CLI of an affected system and running arbitrary commands as the Linux tomcat user on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1 A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system.

The vulnerability is due to insufficient sanitization of commands that are permitted to run from the ConfD CLI of an affected system. An attacker could exploit this vulnerability by breaking from the restricted shell of the ConfD CLI of an affected system and running arbitrary commands as the Linux tomcat user on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1
Security Impact Rating: Medium
CVE: CVE-2017-6682
Categories: Security Alerts

Cisco Email Security Appliance Attachment Filter Bypass Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device.

The vulnerability is due to improper input validation of an email with an attachment and modified Multipurpose Internet Mail Extensions (MIME) header. An attacker could exploit this vulnerability by sending a malformed email message with an attachment. A successful exploit could allow the attacker to bypass configured message filters to drop the email. The email may not be RFC compliant. However, some mail clients could still allow users to read the email, which may not have been properly filtered by the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1 A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device.

The vulnerability is due to improper input validation of an email with an attachment and modified Multipurpose Internet Mail Extensions (MIME) header. An attacker could exploit this vulnerability by sending a malformed email message with an attachment. A successful exploit could allow the attacker to bypass configured message filters to drop the email. The email may not be RFC compliant. However, some mail clients could still allow users to read the email, which may not have been properly filtered by the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1
Security Impact Rating: Medium
CVE: CVE-2017-6671
Categories: Security Alerts

Cisco Email Security and Content Security Management Appliance Message Tracking Cross-Site Scripting Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

Additional information about XSS attacks and potential mitigations can be found at:
http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

Additional information about XSS attacks and potential mitigations can be found at:
http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa
Security Impact Rating: Medium
CVE: CVE-2017-6661
Categories: Security Alerts

Cisco Prime Data Center Network Manager Server Static Credential Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges.

The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2 A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges.

The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2
Security Impact Rating: Critical
CVE: CVE-2017-6640
Categories: Security Alerts

Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability

Wed, 2017-06-07 14:00
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system.

The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1 A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system.

The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1
Security Impact Rating: Critical
CVE: CVE-2017-6639
Categories: Security Alerts

Pages