Cisco Security Updates

Number: AV17-127
Date: 16 August 2017

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address the following vulnerabilities in its products.

- Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability
- Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability
- Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability
- Cisco TelePresence Video Communication Server Denial of Service Vulnerability
- Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability
- Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability
- Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
- Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
- Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
- Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability
- Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability
- Cisco Elastic Services Controller Cross-Site Scripting Vulnerability
- Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability
- Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability
- Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability
- Cisco Policy Suite Privilege Escalation Vulnerability
- Cisco Prime Infrastructure HTML Injection Vulnerability
- Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability

CVE References:
CVE-2017-6710, CVE-2017-6767, CVE-2017-6768, CVE-2017-6772, CVE-2017-6773, CVE-2017-6774,
CVE-2017-6775, CVE-2017-6776, CVE-2017-6777, CVE-2017-6778, CVE-2017-6781, CVE-2017-6783,
CVE-2017-6782, CVE-2017-6784, CVE-2017-6785, CVE-2017-6786, CVE-2017-6788, CVE-2017-6790

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that the CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
