MA-984.112023: MyCERT Advisory - Cisco Releases Security Advisories for Multiple Products
1.0 Introduction
Recently, Cisco released security advisories for vulnerabilities affecting multiple Cisco products.
2.0 Impact
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Cisco Firepower Management Center Software
- Cisco Identity Services Engine
- Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls
- Cisco Firepower Threat Defense Software
- Cisco Firepower Threat Defense Software and Firepower Management Center Software
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software
4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:
- Cisco Firepower Management Center Software Command Injection Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
- Cisco Identity Services Engine Command Injection Vulnerabilities - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw
- Cisco Identity Services Engine Vulnerabilities - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-FceLP4xs
- Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls Inspection Rules Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-intrusion-dos-DfT7wyGC
- Cisco Firepower Threat Defense Software ICMPv6 with Snort 2 Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-icmpv6-dos-4eMkLuN
- Cisco Firepower Threat Defense Software and Firepower Management Center Software Code Injection Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-fmc-code-inj-wSHrgz8L
- Cisco Firepower Management Center Software Log API Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-logview-dos-AYJdeX55
- Cisco Firepower Management Center Software Command Injection Vulnerabilities - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-dos-3GhZQBAS
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ICMPv6 Message Processing Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-icmpv6-t5TzqwNd
For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 - 18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
https://www.cisa.gov/news-events/alerts/2023/11/03/cisco-releases-security-advisories-multiple-products
MA-974.092023: MyCERT Advisory - Cisco Security Advisories Published on 27 September 2023
1.0 Introduction
Recently, Cisco has released security advisories for vulnerabilities affecting multiple Cisco products.
2.0 Impact
A remote cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
Multiple Cisco products.
4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:
1) Cisco Catalyst SD-WAN Manager Vulnerabilities - SIR: Critical
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z
2) Cisco IOS XE Software Web UI Command Injection Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy
3) Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-l2tp-dos-eB5tuFmV
4) Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y
5) Cisco DNA Center API Insufficient Access Control Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ins-acc-con-nHAVDRBZ
6) Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlre-H93FswRz
7) Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat3k-dos-ZZA4Gb3r
8) Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm
9) Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx
10) Cisco Wireless LAN Controller AireOS Software Denial of Service Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-dos-YSmbUqX3
11) Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control Denial of Service Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD
12) Cisco Catalyst 9100 Access Points Denial of Service Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-click-ap-dos-wdcXkvnQ
13) Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m
14) Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
5.0 References
MA-969.092023: MyCERT Advisory - Cisco Releases Security Advisories for Multiple Products
1.0 Introduction
Recently, Cisco has released security advisories to address vulnerabilities affecting multiple Cisco products.
2.0 Impact
A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of-service condition.
3.0 Affected Products
4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates.
Kindly refer to the following:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radius-dos-W7cNn7gt
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
5.0 References
https://www.cisa.gov/news-events/alerts/2023/09/07/cisco-releases-security-advisories-multiple-products
MA-958.082023: MyCERT Advisory - Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability
1.0 Introduction
Recently, a vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
2.0 Impact
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
3.0 Affected Products
At the time of publication, this vulnerability affected the following Cisco products:
- BroadWorks Application Delivery Platform
- BroadWorks Application Server (AS)
- BroadWorks Xtended Services Platform (XSP)
4.0 Recommendations
There are no workarounds that address this vulnerability. The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Kindly visit https://www.cisco.com/go/psirt for more information.
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
5.0 References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-commpilot-xss-jC46sezF
MA-935.052023: MyCERT Advisory - Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability
1.0 Introduction
On May 3, 2023, Cisco released an advisory to address a critical vulnerability in the web-based management system of the Cisco SPA112 2-Port Phone Adapters. The vulnerability is tracked as CVE-2023-20126 and has a CVSS score of 9.8.
2.0 Impact
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges.
There are currently no reports of active exploitation of this vulnerability.
3.0 Affected Products
This vulnerability affects all firmware releases for Cisco SPA112 2-Port Phone Adapters.
Moreover, Cisco has not released and will not release firmware updates to address the vulnerability, because Cisco SPA112 2-Port Phone Adapters have entered the end-of-life process and are no longer supported.
4.0 Recommendations
MyCERT encourages constituents to discontinue using the product and to verify whether any other similar products, possibly also no longer supported, are in use.
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
5.0 References
MA-934.042023: MyCERT Advisory - Cisco Releases Security Advisories for Multiple Products
1.0 Introduction
Recently, Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling Labs, StarOS Software, and BroadWorks Network Server.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Industrial Network Director (IND)
- Modeling Labs
- StarOS Software
- BroadWorks Network Server
4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates.
- Industrial Network Director cisco-sa-ind-CAeLFk6V : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V
- Modeling Labs cisco-sa-cml-auth-bypass-4fUCCeG5 : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-auth-bypass-4fUCCeG5
- IOS and IOS XE cisco-sa-20170629-snmp : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
- StarOS cisco-sa-staros-ssh-privesc-BmWeJC3h : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h
- BroadWorks Network Server cisco-sa-bw-tcp-dos-KEdJCxLs : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-tcp-dos-KEdJCxLs
For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
5.0 References
https://www.cisa.gov/news-events/alerts/2023/04/21/cisco-releases-security-advisories-multiple-products
MA-895.122022: MyCERT Advisory - Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series
1.0 Introduction
Recently, Cisco released a security advisory for a vulnerability affecting IP Phone 7800 and 8800 Series.
2.0 Impact
A remote attacker could exploit this vulnerability to cause a denial-of-service condition. A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.
This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.
3.0 Affected Products
- IP Phone 8800 Series (except Cisco Wireless IP Phone 8821)
- IP Phone 7800 Series
4.0 Recommendations
MyCERT encourages users and administrators to review Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability and apply the necessary updates.
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
5.0 References
MA-891.112022: MyCERT Advisory - Cisco Releases Security Updates for Identity Services Engine
1.0 Introduction
Recently, Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE).
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files.
3.0 Affected Products
Cisco Identity Services Engine (ISE)
4.0 Recommendations
For updates addressing vulnerabilities, see the Cisco Security Advisories page.
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:
- Cisco Identity Services Engine Insufficient Access Control Vulnerability
- Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
5.0 References
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/16/cisco-releases-security-updates-identity-services-engine
MA-887.112022: MyCERT Advisory - Cisco Releases Security Updates for Multiple Products
1.0 Introduction
Recently, Cisco has released security updates to address vulnerabilities in multiple Cisco products.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
• Cisco Adaptive Security Appliance Software
• Cisco Secure Firewall 3100 Series
• Cisco Firepower Threat Defense Software
• Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software
4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Client Denial of Service Vulnerability cisco-sa-ssl-client-dos-cCrQPkA
• Cisco Secure Firewall 3100 Series Secure Boot Bypass Vulnerability cisco-sa-fw3100-secure-boot-5M8mUh26
• Cisco Firepower Threat Defense Software Generic Routing Encapsulation Denial of Service Vulnerability cisco-sa-ftd-gre-dos-hmedHQPM
• Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software SNMP Default Credential Vulnerability cisco-sa-fmcsfr-snmp-access-6gqgtJ4S
• Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability cisco-sa-fmc-dos-OwEunWJN
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability cisco-sa-asaftd-snmp-dos-qsqBNM6x
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability cisco-sa-theseasa-ftd-dap-dos-GhYZBxDU
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
5.0 References
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/10/cisco-releases-security-updates-multiple-products
MA-884.112022: MyCERT Advisory - Cisco Releases Security Updates for Multiple Products
1.0 Introduction
Recently, Cisco has released security updates for vulnerabilities affecting multiple products.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
Cisco is investigating its product line to determine which products and cloud services may be affected by these vulnerabilities. If a product or cloud offer is not explicitly listed in the advisory, it is not vulnerable.
4.0 Recommendations
For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
MyCERT encourages users and administrators to review the advisories and apply the necessary updates.
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
5.0 References