Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Threat ID:: CC-1670
Category:
Threat Severity:: Low
Threat Vector:
Published:: 28 September 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Threat details

Remediation advice

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

Remediation steps

Type	Step
	IOS and IOS XE Software DHCP Remote Code Execution Vulnerability cisco-sa-20170927-dhcp IOS XE Software Web UI Privilege Escalation Vulnerability cisco-sa-20170927-privesc IOS XE Software Web UI REST API Authentication Bypass Vulnerability cisco-sa-20170927-restapi IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability cisco-sa-20170927-cc IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerabilities cisco-sa-20170927-cip IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability cisco-sa-20170927-ike IOS XE Wireless Controller Manager Denial-of-Service Vulnerability cisco-sa-20170927-ios-xe IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability cisco-sa-20170927-lisp IOS Software Network Address Translation Denial-of-Service Vulnerability cisco-sa-20170927-nat IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability cisco-sa-20170927-ngwc IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability cisco-sa-20170927-pnp IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability cisco-sa-20170927-profinet IOS Software for Cisco Integrated Services Routers Generation 2 Denial-of-Service Vulnerability cisco-sa-20170927-rbip-dos IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability cisco-sa-20170927-vpls

Type

Step

IOS and IOS XE Software DHCP Remote Code Execution Vulnerability cisco-sa-20170927-dhcp
IOS XE Software Web UI Privilege Escalation Vulnerability cisco-sa-20170927-privesc
IOS XE Software Web UI REST API Authentication Bypass Vulnerability cisco-sa-20170927-restapi
IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability cisco-sa-20170927-cc
IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerabilities cisco-sa-20170927-cip
IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability cisco-sa-20170927-ike
IOS XE Wireless Controller Manager Denial-of-Service Vulnerability cisco-sa-20170927-ios-xe
IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability cisco-sa-20170927-lisp
IOS Software Network Address Translation Denial-of-Service Vulnerability cisco-sa-20170927-nat
IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability cisco-sa-20170927-ngwc
IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability cisco-sa-20170927-pnp
IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability cisco-sa-20170927-profinet
IOS Software for Cisco Integrated Services Routers Generation 2 Denial-of-Service Vulnerability cisco-sa-20170927-rbip-dos
IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability cisco-sa-20170927-vpls

Last edited: 17 February 2020 11:29 am