Cisco Security Updates

Number: AV18-119
Date: 18 July 2018

Purpose

The purpose of this advisory is to bring attention to multiple Cisco security advisories.

Assessment

Cisco released multiple security updates to address several vulnerabilities in various Cisco products.

Affected Products:
- Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode DHCP Version 6 Denial of Service Vulnerability
- Cisco Policy Suite Cluster Manager Default Password Vulnerability
- Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability
- Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability
- Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
- Cisco SD-WAN Solution CLI Command Injection Vulnerability
- Cisco SD-WAN Solution Command Injection Vulnerability
- Cisco SD-WAN Solution Command Injection Vulnerability
- Cisco SD-WAN Solution Configuration and Management Database Remote Code Execution Vulnerability
- Multiple Vulnerabilities in Cisco Finesse
- Cisco SD-WAN Solution Remote Code Execution Vulnerability
- Cisco SD-WAN Solution VPN Subsystem Command Injection Vulnerability
- Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
- Cisco SD-WAN Solution Zero Touch Provisioning Command Injection Vulnerability
- Cisco SD-WAN Solution Zero Touch Provisioning Denial of Service Vulnerability
- Cisco Unified Communications Manager IM And Presence Service Cross-Site Scripting Vulnerability
- Cisco Webex DOM-Based Cross-Site Scripting Vulnerability
- Cisco Webex Network Recording Players Denial of Service Vulnerabilities
- Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities
- Cisco Webex Teams Remote Code Execution Vulnerability
- Multiple Vulnerabilities in Cisco Unified Contact Center Express
- Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability
- Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability
- Cisco Policy Suite Read-Only User Effect Change Vulnerability
- Cisco Policy Suite World-Readable Sensitive Data Vulnerability
- Cisco SD-WAN Solution Local Buffer Overflow Vulnerability

CVE References: CVE-2018-0342, CVE-2018-0343, CVE-2018-0344, CVE-2018-0345, CVE-2018-0346, CVE-2018-0347, CVE-2018-0348, CVE-2018-0349, CVE-2018-0350, CVE-2018-0351, CVE-2018-0372, CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, CVE-2018-0377, CVE-2018-0379, CVE-2018-0380, CVE-2018-0387, CVE-2018-0390, CVE-2018-0392, CVE-2018-0393, CVE-2018-0394, CVE-2018-0396, CVE-2018-0398, CVE-2018-0399, CVE-2018-0400, CVE-2018-0401, CVE-2018-0402, CVE-2018-0403

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-data
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-finesse
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-csp2100-injection
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ucmim-ps-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-DOM-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-teams-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-pspb-unauth-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: