Cisco Security Advisories

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

The vulnerability is due to insufficient input validation for the affected command. An authenticated local attacker could exploit this vulnerability by injecting crafted command arguments into a redirect of a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1
Security Impact Rating: Medium
CVE: CVE-2017-6600
Categories: Security Alerts

Cisco UCS Director Virtual Machine Information Disclosure Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain.

The vulnerability is due to improper role-based user checks. An attacker could exploit this vulnerability by executing certain fenced container commands on an affected system. A successful exploit could allow the attacker to gain unauthorized access to virtual machines in a local UCS domain of the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director
Security Impact Rating: Medium
CVE: CVE-2017-3817
Categories: Security Alerts

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands.

The vulnerability is due to inadequate integrity checks for the debug plug-in. An attacker could exploit this vulnerability by crafting a debug plug-in and loading it using elevated privileges. An exploit could allow the attacker to run malicious code that would allow for the execution of arbitrary commands as root.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs
Security Impact Rating: Medium
CVE: CVE-2017-6598
Categories: Security Alerts

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

Additional information about XSS attacks and potential mitigations is available at the following links:


There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1
Security Impact Rating: Medium
CVE: CVE-2017-3888
Categories: Security Alerts

Cisco Unified Communications Manager SQL Injection Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The attacker must be authenticated as an administrative user to execute SQL database queries.

The vulnerability is due to a lack of input validation on HTTP requests that contain user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database.

Additional information is available at the following link:
https://www.owasp.org/index.php/SQL_Injection

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm
Security Impact Rating: Medium
CVE: CVE-2017-3886
Categories: Security Alerts

Cisco Registered Envelope Service Open Redirect Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.

The vulnerability is due to improper input validation of the parameters of the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. This type of exploit is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge.

More information can be found at the following link: https://cwe.mitre.org/data/definitions/601.html

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res
Security Impact Rating: Medium
CVE: CVE-2017-3889
Categories: Security Alerts

Cisco IOS XE Software Startup Script Local Command Execution Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user.

The vulnerability is due to insufficient validation of ROMMON variable values. An attacker could exploit this vulnerability by manipulating the content of some ROMMON variables, which will allow an external script containing the command to execute at boot time. A reload of the affected system is needed to exploit the vulnerability. An attacker would need console access to exploit this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe
Security Impact Rating: Medium
CVE: CVE-2017-6606
Categories: Security Alerts

Cisco IOS XR Software Denial of Service Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by sending malformed gRPC requests repeatedly to the affected device. An exploit could allow the attacker to cause the emsd process to crash.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios
Security Impact Rating: Medium
CVE: CVE-2017-6599
Categories: Security Alerts

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks.

The vulnerability occurs because the application does not sufficiently protect sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to obtain sensitive information about the application.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi
Security Impact Rating: Medium
CVE: CVE-2017-3884
Categories: Security Alerts

Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges.

The vulnerability is due to incorrect permissions being assigned to configured users on the device. An attacker could exploit this vulnerability by authenticating to the device and issuing certain commands at the CLI. A successful exploit could allow the attacker to access the underlying operating system shell with root access.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme
Security Impact Rating: Medium
CVE: CVE-2016-9197
Categories: Security Alerts

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside the expected path and gain access to other devices.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2
Security Impact Rating: Medium
CVE: CVE-2017-6602
Categories: Security Alerts

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside of the user’s path.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1
Security Impact Rating: Medium
CVE: CVE-2017-6601
Categories: Security Alerts

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
 
The vulnerability is due to insufficient input validation for the affected command. An authenticated, local attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli
Security Impact Rating: Medium
CVE: CVE-2017-6597
Categories: Security Alerts

Cisco Integrated Management Controller Redirection Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

The vulnerability is due to improper input validation of parameters in HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system, which could cause the web interface of the affected software to redirect the request to a malicious URL. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc
Security Impact Rating: Medium
CVE: CVE-2017-6604
Categories: Security Alerts

Cisco Firepower Detection Engine SSL Denial of Service Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts.

The vulnerability is due to improper error handling of an SSL packet in an established SSL connection. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts, causing traffic inspection to be bypassed or traffic to be dropped.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1
Security Impact Rating: Medium
CVE: CVE-2017-3887
Categories: Security Alerts

Cisco Firepower Detection Engine SSL Denial of Service Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources.

The vulnerability is due to improper handling of an SSL packet stream. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition because the Snort process consumes a high level of CPU resources. The device must be manually reloaded to recover from this condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw
Security Impact Rating: Medium
CVE: CVE-2017-3885
Categories: Security Alerts

Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The system could push IPv6 traffic to the processor even when the device is not configured for IPv6, which could cause other control packets to be affected. A successful exploit could allow the attacker to cause a DoS condition on the system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr
Security Impact Rating: Medium
CVE: CVE-2017-6603
Categories: Security Alerts

Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability

Wed, 2017-04-05 14:00
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.

The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
Security Impact Rating: Critical
CVE: CVE-2017-3834
Categories: Security Alerts

Cisco Application-Hosting Framework Directory Traversal Vulnerability

Wed, 2017-03-22 14:00
A vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1
Security Impact Rating: High
CVE: CVE-2017-3851
Categories: Security Alerts

Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability

Wed, 2017-03-22 14:00
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp

This advisory is part of the March 22, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: March 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2017-3857
Categories: Security Alerts
