TTCSIRT-228.092719: TT-CSIRT ADVISORY – CISCO SECURITY UPDATES

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

TT-CSIRT urges users and administrators to review the Cisco Security Advisories page and apply the necessary updates:

https://tools.cisco.com/security/center/publicationListing.x

 

CRITICAL

1) CVE-2018-0296 – Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability

2) CVE-2019-1620 – Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

3) CVE-2019-1619 – Cisco Data Center Network Manager Authentication Bypass Vulnerability

 

HIGH

1) CVE-2019-1901 – Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability

2) CVE-2019-12646 – Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability

3) CVE-2019-12652 – Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability

4) CVE-2019-12648 – Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability

5) CVE-2019-12650 & CVE-2019-12651 – Cisco IOS XE Software Web UI Command Injection Vulnerabilities

6) CVE-2019-12654 – Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability

7) CVE-2019-12653 – Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability

8) CVE-2019-12658 – Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability

9) CVE-2019-12656 – Cisco IOx Application Environment Denial of Service Vulnerability

10) CVE-2019-12655 – Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability

11) CVE-2019-12657 – Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability

12) CVE-2019-12649 – Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability

13) CVE-2019-12647 – Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability

14) CVE-2019-1621 – Cisco Data Center Network Manager Arbitrary File Download Vulnerability

15) CVE-2018-15459 – Cisco Identity Services Engine Privilege Escalation Vulnerability