Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.2444 Cisco IOS and IOS XE Software Updates 28 September 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco IOS Cisco IOS XE Publisher: Cisco Systems Operating System: Cisco Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Access Privileged Data -- Remote/Unauthenticated Increased Privileges -- Existing Account Administrator Compromise -- Console/Physical Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-12240 CVE-2017-12239 CVE-2017-12238 CVE-2017-12237 CVE-2017-12236 CVE-2017-12235 CVE-2017-12234 CVE-2017-12233 CVE-2017-12232 CVE-2017-12231 CVE-2017-12230 CVE-2017-12229 CVE-2017-12228 CVE-2017-12226 CVE-2017-12222 Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip Comment: This bulletin contains fourteen (14) Cisco Systems security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability Advisory ID: cisco-sa-20170927-pnp Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12228 CVSS Score v(3): 8.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N +--------------------------------------------------------------------- Summary ======= A vulnerability in the Cisco Network Plug and Play application of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82EZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlR5hAAoJSL8mgSXa43j0o1 XhE7DANfktCgGzP1ysORvp8lcGTpkFKcV4a5D9nttv7quyHqkRGARUt+9kqullsl QQQfh2Iu1Tt8u4f5QKkmEfPYNb46M6NoLN+8gO7Tl5b26vqKwh4TJ+xcRiOzWp6D RiUV91XT5T3ZifGVQ4jm8vH/GUB1djBbyMtycncLe2jUrOsOCjGy9h6lbB0QNxv6 A+6TOV8kwFCwYwfwuJH2DVFTfgCqEKXq+DMzBe2RTZLSzdqwnrmpGY+EfBDcoZKy Ck9fQufopBSFIGYscQu/EVkuusGL8oZ/yyRSZdU+6Lnm8G/L/gB+/khNogcnTcAG XVWBJxtCe25UjQUGMs99D1w4CPkSWIuF5p+VXtFyl3qBcFgHKVzQVNr6SUJPMmOe 9hkgDoUecHZrR7BV3B2EJ2cjoexum13K3f6A5qYls2n1gtbV0pczfVuhe0PVrGtt GWZEAMFa55QBeU2YcIlIhKbsa6f4gUxA4O6mvRalzcLZ7lIiCp1WZ9+l2e7ZybqE NLWYgUREAvDVR2Z5qf93eg7yiXAX47Y7kxm0WiS7XbvNfbBJCSCGkTuVpkgr6dnI pkxrotOZlLWjPZErFW5Mi9+Y5mueWO3i5vtfiGGhnKKlLEpPksg0dOONJFU5vGTO G7aUdAYOCYUDo9gk7r7h8GZxhr8= =fVvH - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability Advisory ID: cisco-sa-20170927-ike Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12237 CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy815ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkqSA//XDX6CJfZxPEuKzCE 8U1r6FinZW9fpdi+xNlQiBGwnxen8aQvNbVyVPsRYLC1xgMt6RtW2bA3HEoaxGV1 gueQzd9Xi60Dd/YnZCwZlD1RCQNWbHxrbqlC1R6tKK/pi9DkVdovz3wem7ETyu0A GJGcrBh8Ambiv/eFLwj7n7QazWOFffLqzhK7hsAfFpzTxwbDTgVkIWsYIMmrkDpU A52Ho2yx/jcyCNqzeZspkA1oY+4BouomrtMcVvP1C8CVV9wlh7UIceRU5TJ+nrIR uBIyLrFR29VzlfJO6jtySwZBb1KwXJMWWn230zubashjAJ/8s1gFSkooQ4m0nTa5 l+f5xB54/Ni6g51krck/XGT2peBBOTfo7jkp0QhVnaOf05FTehVEug0WFMyciJVZ FVQN78Py4tgUYsEg+RnEqobm5gPbvpnm9ab2HvDvSfRqbGqacf6Ht43a64lMjbqm pLUacHx9vfokdjnlwW5BVZ/7BBdfVwWPX26rRjeRaEMppNjqLjpyETTiqIi9v044 uQEHXvRC7koroSsuaWDNLRJcuN0Ut1aP9sOULGD7Cm9xLoc1iDuJ1/x5fNRR95r8 hh/nt9Rh6Dq07gweHT0/gBYUAV9NftNk2f/pJo+eGKWLrqjE0JT2kW3TzZ1yRAZ7 vzkDYQjZLtrZvDqoSq3JV045Nfo= =HInu - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability Advisory ID: cisco-sa-20170927-dhcp Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12240 CVSS Score v(3): 9.8/9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C +--------------------------------------------------------------------- Summary ======= The DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82VZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnT2hAArojpOSNGQgOsPXtR 91bTJgRRVElMaS6Y+e/Y8YO/dL4O4yHLYEnnq2i3+hteDFaTTTtjaBpiMg9xfhvL uCDerKVgtM6WOzxoRtwyIv7hui72SDZXEr1+vjwTqCcX1vVUWo2RRQUr6f5hbAwW ezXqSjE9AZMBWCBhg/gN2aIRH2ajvY/euCqoPOxbsuZGWREGDUaDfeCTC4d92leM edeONWzdUQfZptZzxqkHGGVsXMTN2SxpzgzmhrMkXi8FUm4HfV5MqloFpWYjYDAv WXSoBejAIUvd9/ExQkygnX+XTygoA9tF1A9nuXoQ0VgItrCiiNtWNVfWR9N+peIo 81WMZpGFAAFkoLGU7IPyE2upCdvdNzmlsruxCim3DcGi4sHYkq4Bi2x9XUab/qmA /5YPORvmvtqo1IjbnO/2v61lnaqAOTlxf0wwT/GyIxtFBnqOqDpTuxsUZ1/rYW/d g++kj9tYEgg5luMOSZ251g7KKJwHNLlFRN4DtsBySbOIykPncHNEz5TJ1HNiJof4 SViV27Bkwvs+kIY+3UC/ihMIR9A3GQay5P5PA4jGEBzpP18aSTbv5n3oEakLhaVq 80ZnDyFNMMgiMxwZzvRH9i/6Fa/QDxP4lskniIKzLGvzDqg59ZC8CeyE1SIDpKED gd7qaS45q6LhK/mTt5yIi2hCMj4= =J9AI - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS XE Wireless Controller Manager Denial of Service Vulnerability Advisory ID: cisco-sa-20170927-ios-xe Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12222 CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the wireless controller manager of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe"] - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82YZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmVMQ/+IDHxs96SuyF0q2z5 AUfbMI98O7YpJ8Lsx16pcSsQMFi431EKEIpaHfnKkLK2pOTutoclwH8bvGRYbVnX PnoK1OwmvCPhpN79XlewF/jfXt1l7tYevpqIlaE3qwP7DLKLoEJXMH6JYnmQOoeq pufV+Nb+I6pE/VnbWG+J8z3TKjj1+ZkS27YcZ8UKKMwVrbKRC+2DLEWeO2HTtBYq 0WUNTQVzV9MCdAOZ0008e00gf83mRgEWTiO65bLF2M8K1C1SM6RMbbJSxiQ7/J9U sXgBsQ9pe9GATsqsiXhGfWou9yCMhBbU6GUyCZQSCMNf4kr7VNDhtBkw8LxLsTU+ SjGXtLA/UjN0RCXj9orf3l/LYUw5K/S6jw8sgegeoKNs0YB5W9IoQYu5ABaXWzqh y5hLs7aRCQv6MxCEek0S6oNklUi9j4aabyk4RFQBhRQtBYtxQX6GVhE0t4KJu1hM IfvhYIPieHvuw3daUhFkHkXGVO8/dSOLWOJxD4p24kmzkfZTIZ3z0ymhb+8xbp0O Khr7HXKcUeZp2xE7oROWEmnD9mclWH/oCIg4qd6WyBYmghb4LAR2WvnK9fbDb3a+ Txh6osYbWYMKWBBjOn3IePsbyy+5AIWNdHc3CnE+tNsFB/TILaufCm8LAxLfZYR4 8WTJtX8eFDMlI8EXQyQfYS/Gbno= =4o4V - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability Advisory ID: cisco-sa-20170927-cc Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12239 CVSS Score v(3): 7.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82BZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkvLQ//RzZe/ReOEDNrWcek JBpvdpv0EiYdtsqWc786BX+//Pgj89u+/LOU7dpfr4aD/3fu83J77yPpeD2+QosW VTCh3+SK9RSuq8xSkk16TXUWDFbDjrPvjJBEP8jDQE9APQbqmMSJ2Ad29TTslR9h WVv3aGIBPSWwy7jtYOh7PJD9gEZG7ndF+0N+a4s6evErFpO3Jna0W7JbBVeCqTKc /DjvOGYnskHL/BANkXNdrKt0neoSWva6rh/tVkeIVfE+jZKhyvdGOhKt2yw8no/B I3z7k0unCXNLMxOICmRtcX23498769utZdbJwQMPSiYpspBgTHmUWmB0CBP5Aa1K 2O4U8hWK7DFamnYp9JutsH8kh3DuwkGubtLCaCShC9fCzLF2qJ3aGQ6Cc4t7RuN9 B0RM9L1kTRyxEYsp7KkkqhQ4Gbn2vXeNZXR+fs3wtntAU8o75wE985GmdED6ibzF TPg+g0MED4RZb5y8p0cRuHfjSM6ornearmPuYy4JkfExq7jpXqZQfxwAS4VdsihD AdDh/8GEE9u9LbwPNQBZ8GSTVpnw+SS8WrTvvEDdw/KRiteCP55XTx8hpMu+HYkF fKXrVADRkgXsWON4EYjoHO3Cm3aPU5VFcdiqL14HilmnbV/PcL6OjQs8IvZPjgrK j5ROTG1Ka/w+y3X7elDT661650E= =81iV - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability Advisory ID: cisco-sa-20170927-ngwc Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12226 CVSS Score v(3): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc"] - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy813ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlIeg/8C0tLPtq/afJfN7KY ugzFlkFhahPT+k03GBkD0uufIQxCb8cVsDJ+9hIQYI9ST+KrIEUu3NePvY01dQbZ ehm/GKhKaKC6YHHdW20SwUlRddQNuVdGssL0SIfT0dQ56dYbVo8w2UFZLB2oZia0 X1+VEeQ9GPQAuVeCsgX+Sj1dufqRgADzGWg4SVuKZcYTLL1ZEBs2vVVb80N3Cbfv L55w3PqsZMlOI0jzpipdOx5sPGbWXxBz4fjBa8RWzJh20Ctim2XCjOjtXfI2TJZK Cs68sxObqD/wPTf1tv8eG8mPO7zUGqeyLnLyOqfDINIOnuaVd2fFm0gkiP8NAADy FoHdSbB/7FWcikwvGfAqU5MoRKwDbJGGiC8szLYgVp3bmsNlVoDlw6OQRn9Q+z1V kZjetDenyavZ+kgtyNKzQcFMPBotjlb+lfijWCf7c/hklAyjeqD1YoVeNEe7Vnn4 cftL/J+gDJdxrLFHC4dsH5WljOL2jKdNcpIWw14wVdvTL++VpQbWEOV0MCHFJ5iN 1VEY0p+kWQWPkgaNl0W6wo72ODzzsufiB9v2zOEPl45yGsNqWdxI9GuBWHXT5/2x LMc/xsmJ8pjiJXgPFElECkdhMFun5X9sYG4DEUMEDxsc/tsYcANoE2SCllC4zhlz r1c5TA2BwvAu9uW0zPv6fhlWvj4= =/PIf - -----END PGP SIGNATURE----- - ---- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability Advisory ID: cisco-sa-20170927-restapi Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12229 CVSS Score v(3): 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82GZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnGXxAAgP93jdrsNgncld37 K0ka2Mjic43JtZaLoC8ysspjU98Ji7epLR4u1C3rkDVQLblMYUu/bgMb9q1PcjEs dLwzTqQs5U62szjlFZNpN3yO7vZqvi5HLpEQpT0g2Q7blmoc6cASt6FhV0Lgr6kx /YeE7JVWhWMj3kbFUbqLlD9JWjGORPj5T3y85/3hUp9s0v7dRBxL2M80AA8Jt0Iq 0ObLslLfMYqhJrO1DFFx5t597b2UtqNyhyRAX9GlczQ/7z/X/pdiXaMvOj7O7Xg5 TgWRexkmV1MQIVT9IDWE/4LWTNqe6LTI4LWLic1IN1XCb2eCbXRNm+cN+o+yLVdR fRym4W3PM6ZveEthcwMb5hfjZmudAQOYZFA2ZBmf6k4tV12LK3Tc9NoIJoSnl6lI R+lW2IbjQREA2YV2IZHfSWmHt0eeVM+XaHUzzDUbTn+FxIaHYM9EPSO5Rfv+KB3Y l3bS3DYQ2tDyYkoHkYqjKx7EpQSNEHELCjmf+C11XfcOnuoNhzDw5B4RS9oyU3hk pCJJF4rxpm6rWmvatVUCE2IQGrRdIgTStjRS+NSdCt2yleJgHSdQydD/I0FncPIT qOYB2WFQ3/cGZPB7GCQDrpHfBip2/phKzyd8Lm0ui4nB06q3QF7nCMQmG5meZFLa o+Oz5G9f3R3kz1KMdD4LrdNWDds= =/0IJ - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability Advisory ID: cisco-sa-20170927-privesc Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12230 CVSS Score v(3): 9.9 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82JZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmpUxAAy2eUwP9ZGxdMTyLp vqaUryxjuEzGtTelrbZCdaMo1K8mekoaxV7HB81ykJjei6X0pLVBGjYHC+bspTRD XTGnrfrurayxRZmhjbBaSCAXPOmpFQqM5Lcriy02nozbinPcZO3nhXGFrpF/tdjn ZMGZ5qdS75Vw9j+xSUHxBPk72hgq2f5mUDBoPBjUyuMRzoy5hSNsMYayjrADYXDG zjO+mY4NPnGpl4QWMJnX75A6g0t40vg1DlaKTEWgWFgneQGP9Bu/0665Rle5Dh1Y wCHch8eChPQbaGkxvO+Luz53rXRKomIYc1w9s/NFbhCMmYnlKyYQ8f222TEJABJM Pex79F9DUCZzrMZx0x+B6u9nCVHNYGcSkl5Ao9bi7ymQQS3menKn96D8lXG6t9kp aYo+NZoWCNXIUtTXrjo+oDhvW6A5fty3Q/AUcZxo69v0FautLf3tclpMVTCbnMYa SwVlJ3ypkM3fyJnZnZj6T8NN7GHlcxUOfIP0ffYJm1XYVKnfEkC/+RN+07iocvRm YZ38IuN8BIcTbQ4mwMhMRadBrylM9mZk8Q/3yYoEHBKhBw3Gc5fiBYtN4/Q+xAhy exkg9aNWia8QDDCRCxSBf9/44IUwFStiTyXfAlbr4TgHbyfACXemTir7u7HAa2do 9FQbzfK6hh7qGhuwnCeGmTrOVm0= =aBz1 - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability Advisory ID: cisco-sa-20170927-lisp Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12236 CVSS Score v(3): 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L +--------------------------------------------------------------------- Summary ======= A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE Software could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy81/ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHki7w//Y9htlcyaKuEy1jin p456PwWEi706Z8VdbUuPEIVy3k04CGGB/VZDg6JRwgjPodYysTWbH9Pbj7mCbJ7U vWjdvlm1thDk2FX40BRxUvlTkR5j6zM+0DvPMN9/NImJwe+d9lGgOkIZvhW3SGyr Ta/AMe25e9cS3cpeemR4F/JFw0eeiwlizJ7bDACegvOGWnJJnsGejekHhAl7o4ey QaIW86yjaAyx49VgX+EE6YrpufM1oyW1ZYYZCVA3oUDM3EHwdGKk3vE2QjT67uZQ F78BFr4uXX4TSyPs+wVuUa24TmPWyzXgl5eSA3d63/xtWBjtuOk8UDE9eCXo9udX D2qmf9SjgOZVqHa2k7K72z02udpffbRv+VC/V1ciTqep/c3L4v+6wpTUkdJXI7we E9D4tbNKhuvRU4f2RWIjZhMu+y9V6JSfAW9/AI8yL38vTmUCS82mZPYllOOOSDGH HkJvCBk7aElbHiU7t6wdhPNrnZ8D1BOvPCC40rLmfm35Y7CxHIv2zHRPtz8IfIID gRs23+CxPc0Yx1lNcWO/gHcXlwXJ5wDb01ZTjzLMrV4KNz7j3m7ixMRHKueBr+U8 p3mIYkG/rSXhoV0DWq33P3KuiPCI/YfbAfxdk1FwoYODSC+JJhBubBwF8roc8w8U YrWnEEA5933oUPsr92D6HlvE+u8= =TBum - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability Advisory ID: cisco-sa-20170927-rbip-dos Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12232 CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82LZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkgAA//Tn6EufpLpcmcb1ce 2oM9tDS59awVWnHPlol2UoB3I7Rk9DsJVC5A/kg/Rzf93pLxla8sI/xy/+ibi++4 Z1qFaZg71qcp1myfg1VZJMgT/EeeoD86hMaB+fI9h+7r2+NRlYuctraM4UeLqMxD gx63DB5apx7ErekPIt41QMfUPZF1DNUkEa2Ivmm+ixSfEqwnRFWdZN/GWtcbwQQl RjPs5HVEL8KZeS1wmB+2CRGQTCTwF5obPHNW0Qc21kE0V71bm6sDHBsJGfUNMkea 6c8FTmBwQs2Mg3ppnDLxFXJ1LeNx94xmsMs9xF+NuDZoDjJF6jxM95pwfIcotudp De+2lrz0K9iTiYLfvbZwxCeuJ/3Ga8gAeD+KQQye/PB3JYtkvJDyCEFckMliWhKj eCsV8PD2Mg2ieKws5zz/DlbLYD4Lwj8VA72xgu1BNLTehFMG8PY8bVVZPsP8tWOK u5TkYO7WAl7EX6AjlXMc+26fgho8QzCHS7Z2tuhRHNlKVkTEr7I7OrWWrGPAzWCa 5e0W9n9J/ToCbbR2RYb6zf64eb+x+WucVGHu2/wKZa+fVMAIElAaZYdQ9A3l7j1f CWUgxlKXgrvffrFCgCIauYdAqQ2Giq+yPn7OfgwGzBswZXmbfMt9J/Dl5w0p+Cey GLfQyqeSwmaH+UzykontXoUAfh0= =PHoo - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability Advisory ID: cisco-sa-20170927-profinet Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12235 CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82QZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnHTg/8CT3REKxrcy2tsevD Y3TJ0EHIa632izZ9YySqyyKJJoJuXz8QoGtD+ihOalHUuyrvgjPUiWn9AGWaGWsl fgvN+JQFtp9jv9KRJtYcPfQ8VnLAOFO4zkTXWiQUuLZztErLn/uCdbuhoUyFx90o s6GpcVSS9dfcjtp/uEySM9qkYfOQc4N6AjJhwRgUIFYUEkl+ShLiNg8t3kFmyeH9 GnS34ZPgaf9gXmjaO1M/KKCWaZjzY5XSdlaoD3vVmei6ws+eyj3U5HXLD1/OE3a1 NUfK0I1qAKkhgcEJpP6H9SbayuWM6p10gLNBa1zjYxQbJDaVMxKP4VvBXoch4FV9 zXpKXci4zt+vi4AVXcs8ts4PiFTfRfxCI8qhzb8Y1JU2pAPIwoC0QFYvYiJW8axZ /U3KyUSFQzqwZwGXh8YK5MKl6x3dGk2mZNhYzeMsCntvsqo/wxxP1lN8R5bXcanA GaJb1CjBbuxzcN1/Azx4Y5GKBE9zeCoB38FZv252eGbEI5KdLzGl1hv8an3t6qpQ u0SRh+Eh1iJT2pn5vzirlV1LdmNuNLhDsRSJ42GYJp2Fu/+by2gXxpKdESmgTdLB Ix+OHOzQi0xRPDK0meQihHzpzKJbK5gWLzKON1C7v0/IaWp1Sz2zDw23tgI8hUuv IpIDFWlYwM6Q2YndGFOBoofdJus= =maIe - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial of Service Vulnerability Advisory ID: cisco-sa-20170927-vpls Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12238 CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy818ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlHQg/8DoTvV3XwAyyaKwIC Aor2Dsu0qtJvWQOmEzl1j6exss5nV5nnoeGYd6yI6Qe/SsqwU7z9vpckAfiRGbYv IOgUpg7asEgQcDTR6LZ+x7e2Vyb5KhmrENHfQp95t5eo6Q6zfF0Ruq9xBqiSEggs WEnkiIZWXITw0dfKLy2a5sHUCCr6mXigifrGHFAUf7aTZzoV99Ti+Fxq8M+/nnXA sh0Te056ozHBAmDA/zqkH+EC/WrLRe2MstsGKt4qA2BcpizDG5YKuL/jl/PauR7B 3bn3fjegnbSjOdVTWEN3vkofub8oh89qbGQBxeTf7UGcWifRfyOsiza0+lmx9VFA LnYnO+WnCmUknB5uAg3UBUeKvHHEF/+7i4lvJYISTzMywUbgKf4H5KIN/SBfM67N 6zG9dFchOheMZ/DsClSw22yPlmN+2WDwszybec/QtQOjHajHkA6RgQ1smsGeCevP oqQYII28iuWDB827f28dqOQc1HTe79vI3InuRL2YU56t+05qLyZTZGKRxteaBJmk ULiPX/yU7prrcv3ykV+c/3kTLMm9F9duqxUTJMD08uqKihe1Owl2PcTD7u6dSbav z9fV0vspd5nx49VIHkT99ghk+Hzi25+HIKsGG88yFvTphD3GbjsvrdVv4tX8Ceij UxwQbuqWUwWDuA1nN6JkBef4O0I= =zZSV - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability Advisory ID: cisco-sa-20170927-nat Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12231 CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82TZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlXKw/+JevuzWLyyC73sQCl 7uqChdAcirMvOUfImKpYwLGhXgOaUymtwwsCwaPlOhcmiTMq7wYsmqIgI7suourb siswsbrBuuSqbebXD1kEMdA/LPJv1pkoqRiMCIY4vPieH/r2qKm0lOTD1mj7QfMY Dvmvtx6LL5n8AUTU96XipMjOEs7drkwP9MYRE37jqX87CvE3zJwhubLyWFGYXN3L ac38/dcrpDA48yWTqseVpN2MeNcsXplP4CaC1DRE/LxB2GakI4Bi7FsZlKU9Aay0 dAN6D9h9+iB8LZPTWxscfC8RdufKZdjuIcHc1BsYLo01K7KTxgS0/W/HXtDJkipW nLsV5uKPb4OEZ8nBuQFS8McueKwy9PPFZiirqrMiJwwPyd4PUJwANmyTl/2RgSBh G9ztWfYE5VhttG4Lw7swYITMhI5EOHKnQbsu5cdPolmjDFO30K170a+5tBpzfJqg 7ZPRCJtbBfpbCacQH9zc7eZ5qW4NaM7ygvaFmRM/kSot+TwsNI4jd4CIy9lIxr3K 9UzZZ+gGTjvp6IiSRKEcOYbRaF0EYISPCYF+qmZb5dbP07IRy1Ms+eQPoPM+C6gA LCDEqD1Sm6cnwuSLBLVTHka/CrxR7JU4qbgkf+wdB1/+PqHFPdNlkKL/OxCGuSBE UGqw4aJJr9hcTVT1Fith39JZv8A= =YGEd - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities Advisory ID: cisco-sa-20170927-cip Revision: 1.0 For Public Release: 2017 September 27 16:00 GMT Last Updated: 2017 September 27 16:00 GMT CVE ID(s): CVE-2017-12233, CVE-2017-12234 CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H +--------------------------------------------------------------------- Summary ======= Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip"] This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"]. - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZy82OZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnomw/+PA4GcQyU+fAXbz79 edY2UTmH+L5x5K1+4Lc+BQwx1Ps1sTl6o0/XLR0uF9bgyVJ1bzOb6UubLcRdGnMM j8HrTpFKBRFg8Y68Q2EfIbq1DZXblsELh471iHE3Pl5PV+vLQ9Hj2ut3fVimY81I Lj+yzBg6742wVC8kx9rlJ+10Yp9r7+aKvO2281VZkj18IVnkS/7BiNOudjE6blpq bI4x42xRP4MOX3VLvGR4vXd7h3wB2UqalhTBMfPsUS2ggRganVOnyx8VXM6gPRnd DMrb2v729+56a0nY1crDu7hqL/72MD84cOJGt/8X9FrNjXiFhT5KYEo+z22X2p/w scEvnB+SlyG4vuzAi32gH+VWasbfplElWxW+Fm5TaYJmkD5+OhKyfa64yE4CxFc1 D+FkIpXpkpXoTUDJUNri0kx0CDr75fHRQ+F9yMvjyczicEQLyZqrOLLGgfbLnk8A 797mvT1i0N7yUKJ8DrbSdoLDZLbK/7z5Uk2QtdXCznXzD0R//sMNZ7z7XM7+cirX jO5sT/qUUyeX+3/82+9gQ1fgmMhqUVFyP7LR6U06A51Yk4WmqheYaJWLFacWwvCE cA6H1L4CmAmGfvJDidlgh2PTxLTyQfPsZbwPxm5bjdYYz4PiWM5yGtQCdn3tPEPH EyMfPpjR0qpQVpKtRmpckSckW4A= =NLyv - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWcwySox+lLeg9Ub1AQgBTA//bVfmnlG6NPpAu0LG5Q0bHgTfL+lqtjm0 N95KfHycMwxglzyWN46n1BjTKRPJtldZmTBmtOrCwmlkMJwUWqOi+YUGdK+pnIe6 0on3hGGHfthMKVAWgvNzAo5L9JgshgAN4L4uQmneZPCjNgXWOdQCklHjpPuGoqcS 3jCKh1o9rHvycsJyZCZn0PKfCSW0ePOOO+imxP+I2NWY8qeAmuJJ7whb5O5F909r r+IDuGxSAv8u6tcN6IpJ6F2jx+2zTTQF/prcTDq3mFZFy4qhIsp2kbkI1bbPfD43 X5NREk5nCZ1pSVjjXyLYWOqVPDMX24HonhtKaxySa2LEg0hbLpu6867VqssLnDqO nyQ9eIY0qTFy27+ElKP9ktoKcO81OIZBNo0adEXA9a1pp430SYeHlLfuSRklIFcM YbblbJLH81u+jxP9yBJEp4QP9ZqMoZAiN0HnPpBAWms7+xUovb72npVaUmuJIPQK sE0GfzvjiIip/A5ZQ7MxZzg0oivAJYkA9DlOqtCx0ApP60lT2ShSH/TGkxMEauJm bWoremtemnaKcnb4tqUY8lic/MY6Q4WohnOLczmTFDRCdmBmcdtj7ObaeN9wWM44 vybDEHkFWdXAkJJdwvrSbvEsxEUbHK15RmzN2s7Fc75mySj7HbM7zwG28UaU6bBT 4OoHpEYCxDw= =tmXw -----END PGP SIGNATURE-----