CIRT.GY | Releases Security Updates for Multiple Products (

Releases Security Updates for Multiple Products (July 17, 2019)

Ref# Cisco | Date: Jul 19th 2019

Description

The Cisco Corporation has recently released security updates to address vulnerabilities in multiple Cisco products. It is recommended that you take the necessary precautions by ensuring your products are always updated.

Critical

Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth

High

Cisco Secure Boot Hardware Tampering Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Cisco FindIT Network Management Software Static Credentials Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cfnm-statcred

Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-aironet-dos

Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf

Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp

Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-evpn-dos

Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos

Medium

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1776)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1776

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1783)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1783

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784

Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info

Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command

Cisco Small Business Series Switches Open Redirect Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-ise-xss

Cisco Identity Services Engine Blind SQL Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-ise-sql-inject

Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sma-xss

Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos

Informational

Multiple Issues in Cisco Small Business 250/350/350X/550X Series Switches Firmware and Cisco FindIT Network Probe

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sb-switches-findit

The Guyana National CIRT recommends users and administration to review these updates and to apply them where necessary.

Reference

Cisco Releases Security Updates for Multiple Products (US-Cert)

https://www.us-cert.gov/ncas/current-activity/2019/07/17/cisco-releases-security-updates-multiple-products