Security Bulletins

US-CERT: The United States Computer Emergency Readiness Team   more  xml  hide  
last updated: Sat, 18 Aug 2018 21:49:06 GMT

 Sat, 18 Aug 2018 02:05:47 +0000 Apache Releases Security Updates for Tomcat Native
Original release date: August 17, 2018 | Last revised: August 18, 2018

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server.

NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads page and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


 Wed, 15 Aug 2018 17:48:46 +0000  Cisco Releases Security Updates
Original release date: August 15, 2018

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.  

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


 Wed, 15 Aug 2018 02:04:49 +0000 FBI Releases Guidance on Defending Against Travel Scams
Original release date: August 14, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against travel scams. FBI explains how scammers trick consumers with "free" vacation ploys. These offers may be fake or involve hidden fees. Legitimate companies will not ask prize winners to pay to claim their reward.

NCCIC encourages consumers to review the FBI Article, the Federal Trade Commission's Travel Tips, and NCCIC's Tip on Avoiding Social Engineering and Phishing Attacks for more information.


This product is provided subject to this Notification and this Privacy & Use policy.


 Tue, 14 Aug 2018 23:16:25 +0000 VMware Releases Security Updates
Original release date: August 14, 2018 | Last revised: August 15, 2018

VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances. An attacker could exploit these vulnerabilities to obtain sensitive information.

NCCIC encourages users and administrators to review VMware Security Advisories VMSA-2018-0020, VMSA-2018-0021, and VMSA-2018-0022 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


 Tue, 14 Aug 2018 22:23:46 +0000 Samba Releases Security Updates
Original release date: August 14, 2018

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Samba Security Announcements for CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, and CVE-2018-1140 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



[logo] SecurityFocus Vulnerabilities   more  xml  hide  
last updated: Sat, 18 Aug 2018 21:41:53 GMT

 2018-08-18 Vuln: Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
 2018-08-17 Vuln: Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
 2018-08-16 Vuln: Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
 2018-08-16 Vuln: Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
  Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
[SECURITY] [DSA 4269-1] postgresql-9.6 security update

[logo] Yahoo News - Latest News & Headlines   more  xml  hide  
last updated: Sat, 18 Aug 2018 21:49:08 GMT

 Thu, 16 Aug 2018 19:49:41 -0400 Catholics On Twitter Call For Drastic Reform After Pennsylvania Sexual Abuse Report

Catholics On Twitter Call For Drastic Reform After Pennsylvania Sexual Abuse ReportPennsylvania's newly released grand jury report on clerical sexual abuse


 Thu, 16 Aug 2018 22:56:13 -0400 Judge says Trump campaign screwed up on wording of confidentiality agreements

Judge says Trump campaign screwed up on wording of confidentiality agreementsA Manhattan judge issued a ruling on Thursday that thwarts the Trump campaign’s attempts to keep a lawsuit out of open court.


 Fri, 17 Aug 2018 10:10:44 -0400 Bodies of missing Colorado girls allegedly killed by dad found in oil and gas tanks: report

Bodies of missing Colorado girls allegedly killed by dad found in oil and gas tanks: reportThe bodies of two missing Colorado girls who disappeared along with their


 Fri, 17 Aug 2018 21:20:33 -0400 Ryan Zinke Would 'Sell His Grandkids For Big Oil,' Says Washington Governor

Ryan Zinke Would 'Sell His Grandkids For Big Oil,' Says Washington GovernorWashington Gov. Jay Inslee slammed Ryan Zinke's record on the environment


 Fri, 17 Aug 2018 06:33:22 -0400 Yazidi 'ex-sex slave' trapped both in Iraq and in German exile

Yazidi 'ex-sex slave' trapped both in Iraq and in German exileA young Yazidi woman who fled to Germany but returned home to northern Iraq says she cannot escape her Islamic State group captor who held her as a sex slave for three months. Ashwaq Haji, 19, says she ran into the man in a German supermarket in February. Traumatised by the encounter, she returned to Iraq the following month.



Cisco Security Advisory   more  xml  hide  
last updated: Sat, 18 Aug 2018 21:41:55 GMT

 Fri, 17 Aug 2018 20:17:13 CDT CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
On August 14th, 2018, three vulnerabilities were disclosed by Intel and security researchers that leverage a speculative execution side-channel method referred to as L1 Terminal Fault (L1TF) that affects modern Intel microprocessors. These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged memory belonging to other processes.

The first vulnerability, CVE-2018-3615, affects Intel SGX technology and is referred to by the researchers who discovered it as foreshadow. This vulnerability is not known to affect any Cisco devices as the Cisco devices do not utilize Intel SGX technology.

The second vulnerability, CVE-2018-3620, and the third vulnerability, CVE-2018-3646, are referred to as L1 Terminal Fault attacks by Intel. These two vulnerabilities affect multi-core processors that leverage Intel Hyper-Threading technology supporting Operating System, System Management Mode, and Virtualized workloads. Like the previously disclosed Spectre vulnerabilities, all three new vulnerabilities leverage cache-timing attacks to infer any disclosed data.

To exploit any of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector from which to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.

A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as the operating system or hypervisor, is patched against the vulnerabilities in question.

Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. See the Affected Products section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.

Cisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel


Security Impact Rating: Medium
CVE: CVE-2018-3615,CVE-2018-3620,CVE-2018-3646
 Thu, 16 Aug 2018 14:14:21 CDT Cisco IP Phone 7800 Series and 8800 Series and Cisco Wireless IP Phone 8821 Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series, IP Phone 8800 Series, and Wireless IP Phone 8821 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone.

The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos


Security Impact Rating: Medium
CVE: CVE-2018-0325
 Thu, 16 Aug 2018 13:48:18 CDT Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain write access to otherwise read-only memory mappings to increase their privileges on the system.

Cisco has released software updates that address this vulnerability. For information about affected and fixed software releases, consult the Cisco bug IDs in the Vulnerable Products table.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
Security Impact Rating: Medium
CVE: CVE-2016-5195
 Wed, 15 Aug 2018 19:27:12 CDT Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques.

The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd
Security Impact Rating: High
CVE: CVE-2018-0296
 Wed, 15 Aug 2018 16:00:00 CDT Cisco ASR 9000 Series Aggregation Services Routers Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-asr-ptp-dos


Security Impact Rating: Medium
CVE: CVE-2018-0418
 Wed, 15 Aug 2018 16:00:00 CDT Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials.

The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-escalation


Security Impact Rating: Medium
CVE: CVE-2018-0428
 Wed, 15 Aug 2018 16:00:00 CDT Cisco Web Security Appliance Web Proxy Memory Exhaustion Denial of Service Vulnerability

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system.

The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos


Security Impact Rating: High
CVE: CVE-2018-0410
 Wed, 15 Aug 2018 16:00:00 CDT Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability

A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos


Security Impact Rating: High
CVE: CVE-2018-0409
 Wed, 15 Aug 2018 16:00:00 CDT Cisco Small Business 100 Series and 300 Series Wireless Access Points Encryption Algorithm Downgrade Vulnerability

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client).

The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt


Security Impact Rating: Medium
CVE: CVE-2018-0412
 Wed, 15 Aug 2018 16:00:00 CDT Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service.

The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-res-xss


Security Impact Rating: Medium
CVE: CVE-2018-0367
 Wed, 15 Aug 2018 16:00:00 CDT Cisco Email Security Appliance EXE File Scanning Bypass Vulnerability

A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system.

The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-esa-file-bypass


Security Impact Rating: Medium
CVE: CVE-2018-0419
 Wed, 15 Aug 2018 16:00:00 CDT Cisco Digital Network Architecture Center Command Injection Vulnerability

A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack.

The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-dna-injection


Security Impact Rating: Medium
CVE: CVE-2018-0427
 Wed, 15 Aug 2018 16:00:00 CDT Cisco Unified Communications Domain Manager Reflected Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system.

The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-cucdm-xss


Security Impact Rating: Medium
CVE: CVE-2018-0386
 Wed, 15 Aug 2018 16:00:00 CDT Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. 

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-csb-wap-dos


Security Impact Rating: Medium
CVE: CVE-2018-0415
 Mon, 13 Aug 2018 16:00:00 CDT Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session.

The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce


Security Impact Rating: Medium
CVE: CVE-2018-0131
 Thu, 09 Aug 2018 18:20:00 CDT Offline Cryptographic Attacks Targeting the Wi-Fi Protected Access 2 Protocol

On August 4, 2018, Jens Steube from the Hashcat project published an article introducing a new method to obtain cryptographic information from wireless traffic that can then be used by an attacker to attempt the offline recovery of the preshared key (PSK) used to secure a Wi-Fi network.

Both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access 2 (WPA2) protocols are known to be susceptible to offline cryptographic attacks when a PSK is used as an authentication mechanism. This is not a new vulnerability or a new attack against these protocols. This is a new vector that allows an attacker to obtain the information required to attempt an offline attack against the PSK.

This new method is different from the existing attacks against the PSK because it does not require an attacker to wait for an Extensible Authentication Protocol over LAN (EAPOL) authentication exchange, capture it, and proceed to attempt an offline PSK recovery. This new vector allows an attacker to extract the required information from a single wireless frame transmitted during a roaming event. The following conditions for this capture apply:

  • The frame contains a Robust Security Network-Pairwise Master Key Identification (RSN-PMKID) option
  • The wireless infrastructure is configured to use WPA2 with a PSK mode of authentication
  • The wireless infrastructure supports the Proactive Key Caching (PKC) fast roaming option (PMKID roaming)
The wireless frame can be acquired by passively listening to traffic from the wireless network during the roaming.

It is important to note that this method does not make it easier or faster to recover the PSK for a Wi-Fi network. Instead, it is easier for an attacker to collect the information required to conduct a subsequent offline cryptographic attack. The likelihood of a successful recovery of the PSK is highly dependent on the complexity of the PSK in use.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180809-wpa2


Security Impact Rating: Informational
 Tue, 07 Aug 2018 20:58:41 CDT CPU Side-Channel Information Disclosure Vulnerabilities: May 2018

On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged memory belonging to other processes.

The first vulnerability, CVE-2018-3639, is known as Spectre Variant 4 or SpectreNG. The second vulnerability, CVE-2018-3640, is known as Spectre Variant 3a. Both of these attacks are variants of the attacks disclosed in January 2018 and leverage cache-timing attacks to infer any disclosed data.

To exploit either of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.

A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as operating system or hypervisor, is patched against the vulnerabilities in question.

Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. Refer to the “Affected Products” section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services. 

Cisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel


Security Impact Rating: Medium
CVE: CVE-2018-3639,CVE-2018-3640
 Wed, 01 Aug 2018 16:00:00 CDT Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable.

The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos


Security Impact Rating: High
CVE: CVE-2018-0391
 Wed, 01 Aug 2018 16:00:00 CDT Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability

A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition.

The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-fampmac


Security Impact Rating: Medium
CVE: CVE-2018-0397
 Wed, 01 Aug 2018 16:00:00 CDT Cisco Web Security Appliance Reflected and Document Object Model-Based Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model–based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-wsa-xss


Security Impact Rating: Medium
CVE: CVE-2018-0406
 Wed, 01 Aug 2018 16:00:00 CDT Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss


Security Impact Rating: Medium
CVE: CVE-2018-0411
 Wed, 01 Aug 2018 16:00:00 CDT Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-rxss


Security Impact Rating: Medium
CVE: CVE-2018-0408
 Wed, 01 Aug 2018 16:00:00 CDT Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss


Security Impact Rating: Medium
CVE: CVE-2018-0407
 Wed, 01 Aug 2018 16:00:00 CDT Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf


Security Impact Rating: Medium
CVE: CVE-2018-0413
 Wed, 25 Jul 2018 15:33:49 CDT Cisco CallManager Express Unauthorized Access Vulnerability
A vulnerability in Cisco IOS Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls.

The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1
Security Impact Rating: Medium
CVE: CVE-2017-6624
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode DHCP Version 6 Denial of Service Vulnerability

A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system.

The vulnerability is due to improper memory management when DHCPv6 packets are received on an interface of the targeted device. An attacker could exploit this vulnerability by sending a high number of malicious DHCPv6 packets to be processed by an affected device. A successful exploit could allow the attacker to cause the system to run low on memory, which could cause an eventual reboot of an affected device. The vulnerability only applies to IPv6 protocol packets and not for IPv4 protocol packets.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos


Security Impact Rating: High
CVE: CVE-2018-0372
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Webex Teams Remote Code Execution Vulnerability

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to execute arbitrary code on the user’s device, possibly with elevated privileges.

The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user’s system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-teams-rce


Security Impact Rating: Medium
CVE: CVE-2018-0387
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. There is no risk when a .arf player that is stored on a Webex site is played in the Webex Network Recording Player.

The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually.

Cisco has updated affected versions of the ARF and WRF recording players on Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-rce


Security Impact Rating: High
CVE: CVE-2018-0379
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Webex Network Recording Players Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition.

The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually.

There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dos


Security Impact Rating: Medium
CVE: CVE-2018-0380
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Webex DOM-Based Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software by using the HTTP POST method. An attacker who can submit malicious scripts to the affected user interface element could execute arbitrary script or HTML code in the user’s browser in the context of the affected site.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-DOM-xss


Security Impact Rating: Medium
CVE: CVE-2018-0390
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Unified Communications Manager IM And Presence Service Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ucmim-ps-xss


Security Impact Rating: Medium
CVE: CVE-2018-0396
 Wed, 18 Jul 2018 16:00:00 CDT Multiple Vulnerabilities in Cisco Unified Contact Center Express

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface, conduct a cross-site request forgery (CSRF) attack, or retrieve a cleartext password.

For more information about these vulnerabilities, see the Details section of this advisory.

There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx


Security Impact Rating: Medium
CVE: CVE-2018-0400,CVE-2018-0401,CVE-2018-0402,CVE-2018-0403
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device.

The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-fo


Security Impact Rating: High
CVE: CVE-2018-0349
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution Zero Touch Provisioning Denial of Service Vulnerability

A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads.

This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-dos


Security Impact Rating: High
CVE: CVE-2018-0346
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution Configuration and Management Database Remote Code Execution Vulnerability

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software.

The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands  with the privileges of the vmanage user in the configuration management system of the affected software.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx


Security Impact Rating: High
CVE: CVE-2018-0345
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility.

The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-coinj


Security Impact Rating: High
CVE: CVE-2018-0351
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem.

The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdnjct


Security Impact Rating: High
CVE: CVE-2018-0348
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution VPN Subsystem Command Injection Vulnerability

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page.

The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj


Security Impact Rating: High
CVE: CVE-2018-0350
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution Zero Touch Provisioning Command Injection Vulnerability

A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter.

The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci


Security Impact Rating: High
CVE: CVE-2018-0347
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution Remote Code Execution Vulnerability

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system.

The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-code-ex


Security Impact Rating: Medium
CVE: CVE-2018-0343
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-cmd-inject


Security Impact Rating: Medium
CVE: CVE-2018-0344
 Wed, 18 Jul 2018 16:00:00 CDT Cisco SD-WAN Solution Local Buffer Overflow Vulnerability

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sd-wan-bo


Security Impact Rating: Medium
CVE: CVE-2018-0342
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability

A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to access the Policy Builder interface.

The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-pspb-unauth-access


Security Impact Rating: Critical
CVE: CVE-2018-0376
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface.

The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access


Security Impact Rating: Critical
CVE: CVE-2018-0377
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability

A vulnerability in the Policy Builder database of Cisco Policy Suite could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database.

The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access


Security Impact Rating: Critical
CVE: CVE-2018-0374
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Policy Suite World-Readable Sensitive Data Vulnerability

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user.

The vulnerability is due to insufficient access control permissions. An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-data


Security Impact Rating: Medium
CVE: CVE-2018-0392
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Policy Suite Read-Only User Effect Change Vulnerability

A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface.

The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change


Security Impact Rating: Medium
CVE: CVE-2018-0393
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Policy Suite Cluster Manager Default Password Vulnerability

A vulnerability in the Cluster Manager of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials.

The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd


Security Impact Rating: Critical
CVE: CVE-2018-0375
 Wed, 18 Jul 2018 16:00:00 CDT Multiple Vulnerabilities in Cisco Finesse

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack or retrieve a cleartext password from an affected system.

For more information about these vulnerabilities, see the Details section of this security advisory.

There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-finesse


Security Impact Rating: Medium
CVE: CVE-2018-0398,CVE-2018-0399
 Wed, 18 Jul 2018 16:00:00 CDT Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system.

The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-csp2100-injection


Security Impact Rating: Medium
CVE: CVE-2018-0394

powered by zFeeder

Reload this page to check for the most recent news updates.

Please read our legal disclaimer for the use of this information.

Stay Secure
Axiom understands how vital the security of your data is to your organization. Please don't hesitate to contact us if you would like a professional assessment of your network infrastructure.
Home Axiom Advisor Security Bulletins