Multiple Cisco Security Advisories

Number: AV16-131
Date: 19 August 2016

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco has released multiple security advisories addressing vulnerabilities affecting several of their products.  The severity of these vulnerabilities range from medium to critical.

Critical
Cisco Firepower Management Center Remote Command Execution Vulnerability (cisco-sa-20160817-fmc)
Cisco Firepower Management Center Privilege Escalation Vulnerability (cisco-sa-20160817-firepower)

High
Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability (cisco-sa-20160817-apic)

Medium
Cisco WebEx Meetings Server Information Disclosure Vulnerability (cisco-sa-20160817-wms1)
Cisco Unified Communications Manager Information Disclosure Vulnerability (cisco-sa-20160817-ucm)
Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability (cisco-sa-20160817-sch)
Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability (cisco-sa-20160817-ise)
Cisco IP Phone 8800 Series Denial of Service Vulnerability (cisco-sa-20160817-ipp)
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (cisco-sa-20160817-firepowermc)
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability (cisco-sa-20160817-aap1)
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability (cisco-sa-20160817-aap)

CVE References: CVE-2016-1457, CVE-2016-1458, CVE-2016-1365, CVE-2016-1479, CVE-2016-1484, CVE-2016-1485, CVE-2016-6359, CVE-2016-6361, CVE-2016-6362, CVE-2016-6363, CVE-2016-6364, CVE-2016-6365

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-wms1
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-sch
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: