Cisco Fixes Multiple Vulnerabilities

Thursday, April 20, 2017 @ 04:04 PM gHale


Cisco released software updates for its Firepower, IOS, Adaptive Security Appliance (ASA) and Unified Communications Manager (Unified CM) products.

One of the flaws, identified as CVE-2016-6368, can affect several products running Cisco Firepower System Software, including ASA, Advanced Malware Protection (AMP), Firepower, Sourcefire 3D and Industrial Security appliances. An unauthenticated attacker can exploit the vulnerability remotely to cause a Denial of Service (DoS) condition.

A DoS vulnerability (CVE-2017-3808) that can be exploited by a remote, unauthenticated attacker has also been found in Cisco Unified CM, namely in the Session Initiation Protocol (SIP) UDP throttling process.

Several high-severity DoS flaws have also been discovered in the EnergyWise module of Cisco’s IOS and IOS XE software. EnergyWise is used to monitor and manage the power usage of devices in a domain, including networking devices and Power over Ethernet (PoE) endpoints.

Cisco also published four advisories describing remotely exploitable weaknesses in its ASA software. The security holes affect components such as the IKEv1 XAUTH code, the SSL/TLS code, IPsec code and DNS code.

Two of the vulnerabilities can be exploited by an unauthenticated attacker, while the other two require authentication.

Most of these flaws were discovered by Cisco itself, and there is no evidence any of them have been exploited for malicious purposes.


