TTCSIRT-043.092117: TT-CSIRT Advisory – CISCO Security Updates

Cisco has released updates to address vulnerabilities affecting the following products:

a) Unified Customer Voice Portal Operations Console – a vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation.

b) Cisco Email Security Appliance – a vulnerability in the email message filtering feature of Cisco AsyncOS Software could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device.

c) Cisco Small Business Managed Switches – a vulnerability in the Secure Shell (SSH) subsystem could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections.

Further information on these vulnerabilities and how to fix them is available on the Cisco website at the following URLs:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms