Sign In


Cisco Releases Security Updates – 20.02.2018

Cisco has released security updates and 18 Advisory to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CERT Bulgaria recommends users and administrators to review the Cisco Security Advisory and apply the necessary updates.

·         Linux Kernel IP Fragment Reassembly - Denial of Service Vulnerability

·         Open Container Initiative runc CLI - Privilege Escalation Vulnerability

·         Cisco Prime Infrastructure - Certificate Validation Vulnerability

·         Cisco Prime Collaboration Assurance Software - Unauthenticated Access Vulnerability

·         Cisco Network Convergence System 1000 Series - TFTP Directory Traversal Vulnerability

·         Cisco HyperFlex Software - Command Injection Vulnerability

·         Cisco HyperFlex Software - Unauthenticated Root Access Vulnerability

·         Cisco HyperFlex - Arbitrary StatisticsWrite Vulnerability

·         Cisco Hyperflex Stored - Cross-Site Scripting Vulnerability

·         Cisco HyperFlex - Unauthenticated Statistics Retrieval Vulnerability

·         Cisco Webex Meetings Online Content -  Injection Vulnerability

·         Cisco Webex Teams for iOS - Arbitrary File Upload Vulnerability

·         Cisco SPA112, SPA525, and SPA5x5 Series IP Phones - Certificate Validation Vulnerability

·         Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol - Denial of Service Vulnerability

·         Cisco IoT Field Network Director - XML External Entity Vulnerability

·         Cisco Firepower Threat Defense Software SSL or TLS - Denial of Service Vulnerability

·         Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge - Denial of Service Vulnerability

·         Cisco Unity Connection - Reflected Cross-Site Scripting Vulnerability