Cisco Release Security Updates (May 01, 2019)

Description

The Cisco Corporation has recently released security updates to address vulnerabilities in multiple cisco products. It is recommended that you take the necessary precautions by ensuring your products are always updated.

The Cisco Release Security updates includes: 2 critical, 11 high, and 7 medium vulnerability fixes.

Critical

  • Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability
  • Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability

High

  • Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
  • Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP Timer Handling Denial of Service Vulnerability
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability
  • Cisco Firepower Threat Defense Software TCP Ingress Handler Denial of Service Vulnerability
  • Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability
  • Cisco Firepower Threat Defense Software Packet Processing Denial of Service Vulnerability
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability
  • Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability
  • Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability

Medium

  • Cisco Umbrella Cross-Site Scripting Vulnerability
  • Cisco Email Security Appliance Filter Bypass Vulnerability
  • Cisco IOS XR Software Protocol Independent Multicast Denial of Service Vulnerability
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Lightweight Directory Access Protocol Denial of Service Vulnerability
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability
  • Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability
  • Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerabilities

For more information on the Cisco Security updates you can follow this url:

https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

The Guyana National CIRT recommends users and administration to review these updates and to apply them where necessary.

Reference

•        Cisco Security Releases Security Updates (US-Cert)

https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates