Cisco Security Advisory
Date: 8 March 2018
The purpose of this advisory is to bring attention to multiple Cisco security advisories.
Cisco released multiple security updates to address vulnerabilities (medium to critical) in the following products.
- Cisco Prime Collaboration Provisioning Hard Coded Password Vulnerability
- Cisco Secure Access Control System Java Deserialization Vulnerability
- Cisco Web Security Appliance FTP Authentication Bypass Vulnerability
- Cisco Videoscape AnyRes Live Cross Site Scripting Vulnerability
- Cisco UCS Director Cross Site Scripting Vulnerability
- Cisco StarOS CLI Command Injection Vulnerability
- Cisco Security Manager DesktopServlet Reflected Cross Site Scripting Vulnerability
- Cisco Registered Envelope Service Cross Site Scripting Vulnerability
- Cisco Prime Data Center Network Manager Cross Site Scripting Vulnerability
- Cisco Identity Services Engine Command Injection to Underlying Operating System Vulnerability
- Cisco Identity Services Engine Cross Site Request Forgery Vulnerability
- Cisco Identity Services Engine Local Command Injection Vulnerability
- Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability
- Cisco Identity Services Engine Cross Site Scripting Vulnerability
- Cisco Identity Services Engine Authenticated CLI Denial of Service Vulnerability
- Cisco Data Center Network Manager Cross Site Request Forgery Vulnerability
- Cisco Secure Access Control Server XML External Entity Injection Vulnerability
- Cisco 550X Series Stackable Managed Switches SNMP Denial of Service Vulnerability
CVE References: CVE 2018 0087, CVE 2018 0141, CVE 2018 0144, CVE 2018 0147, CVE 2018 0207, CVE 2018 0208, CVE 2018 0209, CVE 2018 0210, CVE 2018 0211, CVE 2018 0212, CVE 2018 0213, CVE 2018 0214, CVE 2018 0215, CVE 2018 0216, CVE 2018 0217, CVE 2018 0218, CVE 2018 0219, CVE 2018 0220, CVE 2018 0221, CVE 2018 0223, CVE 2018 0224
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
Note to Readers
In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.
Please note, CCIRC PGP key has recently been updated.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
- Date modified: