ESB-2017.2444 - ALERT [Cisco] Cisco IOS and IOS XE: Multiple vulnerabilities 2017-09-28

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2444
                   Cisco IOS and IOS XE Software Updates
                             28 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco IOS
                   Cisco IOS XE
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Increased Privileges            -- Existing Account      
                   Administrator Compromise        -- Console/Physical      
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-12240 CVE-2017-12239 CVE-2017-12238
                   CVE-2017-12237 CVE-2017-12236 CVE-2017-12235
                   CVE-2017-12234 CVE-2017-12233 CVE-2017-12232
                   CVE-2017-12231 CVE-2017-12230 CVE-2017-12229
                   CVE-2017-12228 CVE-2017-12226 CVE-2017-12222

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip

Comment: This bulletin contains fourteen (14) Cisco Systems security 
         advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability

Advisory ID: cisco-sa-20170927-pnp

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12228

CVSS Score v(3): 8.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Cisco Network Plug and Play application of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate.

The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82EZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlR5hAAoJSL8mgSXa43j0o1
XhE7DANfktCgGzP1ysORvp8lcGTpkFKcV4a5D9nttv7quyHqkRGARUt+9kqullsl
QQQfh2Iu1Tt8u4f5QKkmEfPYNb46M6NoLN+8gO7Tl5b26vqKwh4TJ+xcRiOzWp6D
RiUV91XT5T3ZifGVQ4jm8vH/GUB1djBbyMtycncLe2jUrOsOCjGy9h6lbB0QNxv6
A+6TOV8kwFCwYwfwuJH2DVFTfgCqEKXq+DMzBe2RTZLSzdqwnrmpGY+EfBDcoZKy
Ck9fQufopBSFIGYscQu/EVkuusGL8oZ/yyRSZdU+6Lnm8G/L/gB+/khNogcnTcAG
XVWBJxtCe25UjQUGMs99D1w4CPkSWIuF5p+VXtFyl3qBcFgHKVzQVNr6SUJPMmOe
9hkgDoUecHZrR7BV3B2EJ2cjoexum13K3f6A5qYls2n1gtbV0pczfVuhe0PVrGtt
GWZEAMFa55QBeU2YcIlIhKbsa6f4gUxA4O6mvRalzcLZ7lIiCp1WZ9+l2e7ZybqE
NLWYgUREAvDVR2Z5qf93eg7yiXAX47Y7kxm0WiS7XbvNfbBJCSCGkTuVpkgr6dnI
pkxrotOZlLWjPZErFW5Mi9+Y5mueWO3i5vtfiGGhnKKlLEpPksg0dOONJFU5vGTO
G7aUdAYOCYUDo9gk7r7h8GZxhr8=
=fVvH
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability

Advisory ID: cisco-sa-20170927-ike

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12237

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition.

The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition.

Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy815ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkqSA//XDX6CJfZxPEuKzCE
8U1r6FinZW9fpdi+xNlQiBGwnxen8aQvNbVyVPsRYLC1xgMt6RtW2bA3HEoaxGV1
gueQzd9Xi60Dd/YnZCwZlD1RCQNWbHxrbqlC1R6tKK/pi9DkVdovz3wem7ETyu0A
GJGcrBh8Ambiv/eFLwj7n7QazWOFffLqzhK7hsAfFpzTxwbDTgVkIWsYIMmrkDpU
A52Ho2yx/jcyCNqzeZspkA1oY+4BouomrtMcVvP1C8CVV9wlh7UIceRU5TJ+nrIR
uBIyLrFR29VzlfJO6jtySwZBb1KwXJMWWn230zubashjAJ/8s1gFSkooQ4m0nTa5
l+f5xB54/Ni6g51krck/XGT2peBBOTfo7jkp0QhVnaOf05FTehVEug0WFMyciJVZ
FVQN78Py4tgUYsEg+RnEqobm5gPbvpnm9ab2HvDvSfRqbGqacf6Ht43a64lMjbqm
pLUacHx9vfokdjnlwW5BVZ/7BBdfVwWPX26rRjeRaEMppNjqLjpyETTiqIi9v044
uQEHXvRC7koroSsuaWDNLRJcuN0Ut1aP9sOULGD7Cm9xLoc1iDuJ1/x5fNRR95r8
hh/nt9Rh6Dq07gweHT0/gBYUAV9NftNk2f/pJo+eGKWLrqjE0JT2kW3TzZ1yRAZ7
vzkDYQjZLtrZvDqoSq3JV045Nfo=
=HInu
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20170927-dhcp

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12240

CVSS Score v(3): 9.8/9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

+---------------------------------------------------------------------

Summary
=======
The DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82VZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnT2hAArojpOSNGQgOsPXtR
91bTJgRRVElMaS6Y+e/Y8YO/dL4O4yHLYEnnq2i3+hteDFaTTTtjaBpiMg9xfhvL
uCDerKVgtM6WOzxoRtwyIv7hui72SDZXEr1+vjwTqCcX1vVUWo2RRQUr6f5hbAwW
ezXqSjE9AZMBWCBhg/gN2aIRH2ajvY/euCqoPOxbsuZGWREGDUaDfeCTC4d92leM
edeONWzdUQfZptZzxqkHGGVsXMTN2SxpzgzmhrMkXi8FUm4HfV5MqloFpWYjYDAv
WXSoBejAIUvd9/ExQkygnX+XTygoA9tF1A9nuXoQ0VgItrCiiNtWNVfWR9N+peIo
81WMZpGFAAFkoLGU7IPyE2upCdvdNzmlsruxCim3DcGi4sHYkq4Bi2x9XUab/qmA
/5YPORvmvtqo1IjbnO/2v61lnaqAOTlxf0wwT/GyIxtFBnqOqDpTuxsUZ1/rYW/d
g++kj9tYEgg5luMOSZ251g7KKJwHNLlFRN4DtsBySbOIykPncHNEz5TJ1HNiJof4
SViV27Bkwvs+kIY+3UC/ihMIR9A3GQay5P5PA4jGEBzpP18aSTbv5n3oEakLhaVq
80ZnDyFNMMgiMxwZzvRH9i/6Fa/QDxP4lskniIKzLGvzDqg59ZC8CeyE1SIDpKED
gd7qaS45q6LhK/mTt5yIi2hCMj4=
=J9AI
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Wireless Controller Manager Denial of Service Vulnerability

Advisory ID: cisco-sa-20170927-ios-xe

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12222

CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the wireless controller manager of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe"]

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82YZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmVMQ/+IDHxs96SuyF0q2z5
AUfbMI98O7YpJ8Lsx16pcSsQMFi431EKEIpaHfnKkLK2pOTutoclwH8bvGRYbVnX
PnoK1OwmvCPhpN79XlewF/jfXt1l7tYevpqIlaE3qwP7DLKLoEJXMH6JYnmQOoeq
pufV+Nb+I6pE/VnbWG+J8z3TKjj1+ZkS27YcZ8UKKMwVrbKRC+2DLEWeO2HTtBYq
0WUNTQVzV9MCdAOZ0008e00gf83mRgEWTiO65bLF2M8K1C1SM6RMbbJSxiQ7/J9U
sXgBsQ9pe9GATsqsiXhGfWou9yCMhBbU6GUyCZQSCMNf4kr7VNDhtBkw8LxLsTU+
SjGXtLA/UjN0RCXj9orf3l/LYUw5K/S6jw8sgegeoKNs0YB5W9IoQYu5ABaXWzqh
y5hLs7aRCQv6MxCEek0S6oNklUi9j4aabyk4RFQBhRQtBYtxQX6GVhE0t4KJu1hM
IfvhYIPieHvuw3daUhFkHkXGVO8/dSOLWOJxD4p24kmzkfZTIZ3z0ymhb+8xbp0O
Khr7HXKcUeZp2xE7oROWEmnD9mclWH/oCIg4qd6WyBYmghb4LAR2WvnK9fbDb3a+
Txh6osYbWYMKWBBjOn3IePsbyy+5AIWNdHc3CnE+tNsFB/TILaufCm8LAxLfZYR4
8WTJtX8eFDMlI8EXQyQfYS/Gbno=
=4o4V
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability

Advisory ID: cisco-sa-20170927-cc

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12239

CVSS Score v(3): 7.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system.

The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82BZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkvLQ//RzZe/ReOEDNrWcek
JBpvdpv0EiYdtsqWc786BX+//Pgj89u+/LOU7dpfr4aD/3fu83J77yPpeD2+QosW
VTCh3+SK9RSuq8xSkk16TXUWDFbDjrPvjJBEP8jDQE9APQbqmMSJ2Ad29TTslR9h
WVv3aGIBPSWwy7jtYOh7PJD9gEZG7ndF+0N+a4s6evErFpO3Jna0W7JbBVeCqTKc
/DjvOGYnskHL/BANkXNdrKt0neoSWva6rh/tVkeIVfE+jZKhyvdGOhKt2yw8no/B
I3z7k0unCXNLMxOICmRtcX23498769utZdbJwQMPSiYpspBgTHmUWmB0CBP5Aa1K
2O4U8hWK7DFamnYp9JutsH8kh3DuwkGubtLCaCShC9fCzLF2qJ3aGQ6Cc4t7RuN9
B0RM9L1kTRyxEYsp7KkkqhQ4Gbn2vXeNZXR+fs3wtntAU8o75wE985GmdED6ibzF
TPg+g0MED4RZb5y8p0cRuHfjSM6ornearmPuYy4JkfExq7jpXqZQfxwAS4VdsihD
AdDh/8GEE9u9LbwPNQBZ8GSTVpnw+SS8WrTvvEDdw/KRiteCP55XTx8hpMu+HYkF
fKXrVADRkgXsWON4EYjoHO3Cm3aPU5VFcdiqL14HilmnbV/PcL6OjQs8IvZPjgrK
j5ROTG1Ka/w+y3X7elDT661650E=
=81iV
- -----END PGP SIGNATURE-----


- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20170927-ngwc

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12226

CVSS Score v(3): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device.

The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc"]

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy813ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlIeg/8C0tLPtq/afJfN7KY
ugzFlkFhahPT+k03GBkD0uufIQxCb8cVsDJ+9hIQYI9ST+KrIEUu3NePvY01dQbZ
ehm/GKhKaKC6YHHdW20SwUlRddQNuVdGssL0SIfT0dQ56dYbVo8w2UFZLB2oZia0
X1+VEeQ9GPQAuVeCsgX+Sj1dufqRgADzGWg4SVuKZcYTLL1ZEBs2vVVb80N3Cbfv
L55w3PqsZMlOI0jzpipdOx5sPGbWXxBz4fjBa8RWzJh20Ctim2XCjOjtXfI2TJZK
Cs68sxObqD/wPTf1tv8eG8mPO7zUGqeyLnLyOqfDINIOnuaVd2fFm0gkiP8NAADy
FoHdSbB/7FWcikwvGfAqU5MoRKwDbJGGiC8szLYgVp3bmsNlVoDlw6OQRn9Q+z1V
kZjetDenyavZ+kgtyNKzQcFMPBotjlb+lfijWCf7c/hklAyjeqD1YoVeNEe7Vnn4
cftL/J+gDJdxrLFHC4dsH5WljOL2jKdNcpIWw14wVdvTL++VpQbWEOV0MCHFJ5iN
1VEY0p+kWQWPkgaNl0W6wo72ODzzsufiB9v2zOEPl45yGsNqWdxI9GuBWHXT5/2x
LMc/xsmJ8pjiJXgPFElECkdhMFun5X9sYG4DEUMEDxsc/tsYcANoE2SCllC4zhlz
r1c5TA2BwvAu9uW0zPv6fhlWvj4=
=/PIf
- -----END PGP SIGNATURE-----

- ----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20170927-restapi

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12229

CVSS Score v(3): 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software.

The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82GZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnGXxAAgP93jdrsNgncld37
K0ka2Mjic43JtZaLoC8ysspjU98Ji7epLR4u1C3rkDVQLblMYUu/bgMb9q1PcjEs
dLwzTqQs5U62szjlFZNpN3yO7vZqvi5HLpEQpT0g2Q7blmoc6cASt6FhV0Lgr6kx
/YeE7JVWhWMj3kbFUbqLlD9JWjGORPj5T3y85/3hUp9s0v7dRBxL2M80AA8Jt0Iq
0ObLslLfMYqhJrO1DFFx5t597b2UtqNyhyRAX9GlczQ/7z/X/pdiXaMvOj7O7Xg5
TgWRexkmV1MQIVT9IDWE/4LWTNqe6LTI4LWLic1IN1XCb2eCbXRNm+cN+o+yLVdR
fRym4W3PM6ZveEthcwMb5hfjZmudAQOYZFA2ZBmf6k4tV12LK3Tc9NoIJoSnl6lI
R+lW2IbjQREA2YV2IZHfSWmHt0eeVM+XaHUzzDUbTn+FxIaHYM9EPSO5Rfv+KB3Y
l3bS3DYQ2tDyYkoHkYqjKx7EpQSNEHELCjmf+C11XfcOnuoNhzDw5B4RS9oyU3hk
pCJJF4rxpm6rWmvatVUCE2IQGrRdIgTStjRS+NSdCt2yleJgHSdQydD/I0FncPIT
qOYB2WFQ3/cGZPB7GCQDrpHfBip2/phKzyd8Lm0ui4nB06q3QF7nCMQmG5meZFLa
o+Oz5G9f3R3kz1KMdD4LrdNWDds=
=/0IJ
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20170927-privesc

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12230

CVSS Score v(3): 9.9 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges on an affected device.

The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82JZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmpUxAAy2eUwP9ZGxdMTyLp
vqaUryxjuEzGtTelrbZCdaMo1K8mekoaxV7HB81ykJjei6X0pLVBGjYHC+bspTRD
XTGnrfrurayxRZmhjbBaSCAXPOmpFQqM5Lcriy02nozbinPcZO3nhXGFrpF/tdjn
ZMGZ5qdS75Vw9j+xSUHxBPk72hgq2f5mUDBoPBjUyuMRzoy5hSNsMYayjrADYXDG
zjO+mY4NPnGpl4QWMJnX75A6g0t40vg1DlaKTEWgWFgneQGP9Bu/0665Rle5Dh1Y
wCHch8eChPQbaGkxvO+Luz53rXRKomIYc1w9s/NFbhCMmYnlKyYQ8f222TEJABJM
Pex79F9DUCZzrMZx0x+B6u9nCVHNYGcSkl5Ao9bi7ymQQS3menKn96D8lXG6t9kp
aYo+NZoWCNXIUtTXrjo+oDhvW6A5fty3Q/AUcZxo69v0FautLf3tclpMVTCbnMYa
SwVlJ3ypkM3fyJnZnZj6T8NN7GHlcxUOfIP0ffYJm1XYVKnfEkC/+RN+07iocvRm
YZ38IuN8BIcTbQ4mwMhMRadBrylM9mZk8Q/3yYoEHBKhBw3Gc5fiBYtN4/Q+xAhy
exkg9aNWia8QDDCRCxSBf9/44IUwFStiTyXfAlbr4TgHbyfACXemTir7u7HAa2do
9FQbzfK6hh7qGhuwnCeGmTrOVm0=
=aBz1
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20170927-lisp

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12236

CVSS Score v(3): 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE Software could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR).

The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy81/ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHki7w//Y9htlcyaKuEy1jin
p456PwWEi706Z8VdbUuPEIVy3k04CGGB/VZDg6JRwgjPodYysTWbH9Pbj7mCbJ7U
vWjdvlm1thDk2FX40BRxUvlTkR5j6zM+0DvPMN9/NImJwe+d9lGgOkIZvhW3SGyr
Ta/AMe25e9cS3cpeemR4F/JFw0eeiwlizJ7bDACegvOGWnJJnsGejekHhAl7o4ey
QaIW86yjaAyx49VgX+EE6YrpufM1oyW1ZYYZCVA3oUDM3EHwdGKk3vE2QjT67uZQ
F78BFr4uXX4TSyPs+wVuUa24TmPWyzXgl5eSA3d63/xtWBjtuOk8UDE9eCXo9udX
D2qmf9SjgOZVqHa2k7K72z02udpffbRv+VC/V1ciTqep/c3L4v+6wpTUkdJXI7we
E9D4tbNKhuvRU4f2RWIjZhMu+y9V6JSfAW9/AI8yL38vTmUCS82mZPYllOOOSDGH
HkJvCBk7aElbHiU7t6wdhPNrnZ8D1BOvPCC40rLmfm35Y7CxHIv2zHRPtz8IfIID
gRs23+CxPc0Yx1lNcWO/gHcXlwXJ5wDb01ZTjzLMrV4KNz7j3m7ixMRHKueBr+U8
p3mIYkG/rSXhoV0DWq33P3KuiPCI/YfbAfxdk1FwoYODSC+JJhBubBwF8roc8w8U
YrWnEEA5933oUPsr92D6HlvE+u8=
=TBum
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability

Advisory ID: cisco-sa-20170927-rbip-dos

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12232

CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82LZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkgAA//Tn6EufpLpcmcb1ce
2oM9tDS59awVWnHPlol2UoB3I7Rk9DsJVC5A/kg/Rzf93pLxla8sI/xy/+ibi++4
Z1qFaZg71qcp1myfg1VZJMgT/EeeoD86hMaB+fI9h+7r2+NRlYuctraM4UeLqMxD
gx63DB5apx7ErekPIt41QMfUPZF1DNUkEa2Ivmm+ixSfEqwnRFWdZN/GWtcbwQQl
RjPs5HVEL8KZeS1wmB+2CRGQTCTwF5obPHNW0Qc21kE0V71bm6sDHBsJGfUNMkea
6c8FTmBwQs2Mg3ppnDLxFXJ1LeNx94xmsMs9xF+NuDZoDjJF6jxM95pwfIcotudp
De+2lrz0K9iTiYLfvbZwxCeuJ/3Ga8gAeD+KQQye/PB3JYtkvJDyCEFckMliWhKj
eCsV8PD2Mg2ieKws5zz/DlbLYD4Lwj8VA72xgu1BNLTehFMG8PY8bVVZPsP8tWOK
u5TkYO7WAl7EX6AjlXMc+26fgho8QzCHS7Z2tuhRHNlKVkTEr7I7OrWWrGPAzWCa
5e0W9n9J/ToCbbR2RYb6zf64eb+x+WucVGHu2/wKZa+fVMAIElAaZYdQ9A3l7j1f
CWUgxlKXgrvffrFCgCIauYdAqQ2Giq+yPn7OfgwGzBswZXmbfMt9J/Dl5w0p+Cey
GLfQyqeSwmaH+UzykontXoUAfh0=
=PHoo
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability

Advisory ID: cisco-sa-20170927-profinet

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12235

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82QZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnHTg/8CT3REKxrcy2tsevD
Y3TJ0EHIa632izZ9YySqyyKJJoJuXz8QoGtD+ihOalHUuyrvgjPUiWn9AGWaGWsl
fgvN+JQFtp9jv9KRJtYcPfQ8VnLAOFO4zkTXWiQUuLZztErLn/uCdbuhoUyFx90o
s6GpcVSS9dfcjtp/uEySM9qkYfOQc4N6AjJhwRgUIFYUEkl+ShLiNg8t3kFmyeH9
GnS34ZPgaf9gXmjaO1M/KKCWaZjzY5XSdlaoD3vVmei6ws+eyj3U5HXLD1/OE3a1
NUfK0I1qAKkhgcEJpP6H9SbayuWM6p10gLNBa1zjYxQbJDaVMxKP4VvBXoch4FV9
zXpKXci4zt+vi4AVXcs8ts4PiFTfRfxCI8qhzb8Y1JU2pAPIwoC0QFYvYiJW8axZ
/U3KyUSFQzqwZwGXh8YK5MKl6x3dGk2mZNhYzeMsCntvsqo/wxxP1lN8R5bXcanA
GaJb1CjBbuxzcN1/Azx4Y5GKBE9zeCoB38FZv252eGbEI5KdLzGl1hv8an3t6qpQ
u0SRh+Eh1iJT2pn5vzirlV1LdmNuNLhDsRSJ42GYJp2Fu/+by2gXxpKdESmgTdLB
Ix+OHOzQi0xRPDK0meQihHzpzKJbK5gWLzKON1C7v0/IaWp1Sz2zDw23tgI8hUuv
IpIDFWlYwM6Q2YndGFOBoofdJus=
=maIe
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial of Service Vulnerability

Advisory ID: cisco-sa-20170927-vpls

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12238

CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition.

The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy818ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlHQg/8DoTvV3XwAyyaKwIC
Aor2Dsu0qtJvWQOmEzl1j6exss5nV5nnoeGYd6yI6Qe/SsqwU7z9vpckAfiRGbYv
IOgUpg7asEgQcDTR6LZ+x7e2Vyb5KhmrENHfQp95t5eo6Q6zfF0Ruq9xBqiSEggs
WEnkiIZWXITw0dfKLy2a5sHUCCr6mXigifrGHFAUf7aTZzoV99Ti+Fxq8M+/nnXA
sh0Te056ozHBAmDA/zqkH+EC/WrLRe2MstsGKt4qA2BcpizDG5YKuL/jl/PauR7B
3bn3fjegnbSjOdVTWEN3vkofub8oh89qbGQBxeTf7UGcWifRfyOsiza0+lmx9VFA
LnYnO+WnCmUknB5uAg3UBUeKvHHEF/+7i4lvJYISTzMywUbgKf4H5KIN/SBfM67N
6zG9dFchOheMZ/DsClSw22yPlmN+2WDwszybec/QtQOjHajHkA6RgQ1smsGeCevP
oqQYII28iuWDB827f28dqOQc1HTe79vI3InuRL2YU56t+05qLyZTZGKRxteaBJmk
ULiPX/yU7prrcv3ykV+c/3kTLMm9F9duqxUTJMD08uqKihe1Owl2PcTD7u6dSbav
z9fV0vspd5nx49VIHkT99ghk+Hzi25+HIKsGG88yFvTphD3GbjsvrdVv4tX8Ceij
UxwQbuqWUwWDuA1nN6JkBef4O0I=
=zZSV
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability

Advisory ID: cisco-sa-20170927-nat

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12231

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82TZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlXKw/+JevuzWLyyC73sQCl
7uqChdAcirMvOUfImKpYwLGhXgOaUymtwwsCwaPlOhcmiTMq7wYsmqIgI7suourb
siswsbrBuuSqbebXD1kEMdA/LPJv1pkoqRiMCIY4vPieH/r2qKm0lOTD1mj7QfMY
Dvmvtx6LL5n8AUTU96XipMjOEs7drkwP9MYRE37jqX87CvE3zJwhubLyWFGYXN3L
ac38/dcrpDA48yWTqseVpN2MeNcsXplP4CaC1DRE/LxB2GakI4Bi7FsZlKU9Aay0
dAN6D9h9+iB8LZPTWxscfC8RdufKZdjuIcHc1BsYLo01K7KTxgS0/W/HXtDJkipW
nLsV5uKPb4OEZ8nBuQFS8McueKwy9PPFZiirqrMiJwwPyd4PUJwANmyTl/2RgSBh
G9ztWfYE5VhttG4Lw7swYITMhI5EOHKnQbsu5cdPolmjDFO30K170a+5tBpzfJqg
7ZPRCJtbBfpbCacQH9zc7eZ5qW4NaM7ygvaFmRM/kSot+TwsNI4jd4CIy9lIxr3K
9UzZZ+gGTjvp6IiSRKEcOYbRaF0EYISPCYF+qmZb5dbP07IRy1Ms+eQPoPM+C6gA
LCDEqD1Sm6cnwuSLBLVTHka/CrxR7JU4qbgkf+wdB1/+PqHFPdNlkKL/OxCGuSBE
UGqw4aJJr9hcTVT1Fith39JZv8A=
=YGEd
- -----END PGP SIGNATURE-----

- ---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20170927-cip

Revision: 1.0

For Public Release: 2017 September 27 16:00 GMT

Last Updated: 2017 September 27 16:00 GMT

CVE ID(s): CVE-2017-12233, CVE-2017-12234

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip"]

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410"].

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZy82OZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnomw/+PA4GcQyU+fAXbz79
edY2UTmH+L5x5K1+4Lc+BQwx1Ps1sTl6o0/XLR0uF9bgyVJ1bzOb6UubLcRdGnMM
j8HrTpFKBRFg8Y68Q2EfIbq1DZXblsELh471iHE3Pl5PV+vLQ9Hj2ut3fVimY81I
Lj+yzBg6742wVC8kx9rlJ+10Yp9r7+aKvO2281VZkj18IVnkS/7BiNOudjE6blpq
bI4x42xRP4MOX3VLvGR4vXd7h3wB2UqalhTBMfPsUS2ggRganVOnyx8VXM6gPRnd
DMrb2v729+56a0nY1crDu7hqL/72MD84cOJGt/8X9FrNjXiFhT5KYEo+z22X2p/w
scEvnB+SlyG4vuzAi32gH+VWasbfplElWxW+Fm5TaYJmkD5+OhKyfa64yE4CxFc1
D+FkIpXpkpXoTUDJUNri0kx0CDr75fHRQ+F9yMvjyczicEQLyZqrOLLGgfbLnk8A
797mvT1i0N7yUKJ8DrbSdoLDZLbK/7z5Uk2QtdXCznXzD0R//sMNZ7z7XM7+cirX
jO5sT/qUUyeX+3/82+9gQ1fgmMhqUVFyP7LR6U06A51Yk4WmqheYaJWLFacWwvCE
cA6H1L4CmAmGfvJDidlgh2PTxLTyQfPsZbwPxm5bjdYYz4PiWM5yGtQCdn3tPEPH
EyMfPpjR0qpQVpKtRmpckSckW4A=
=NLyv
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWcwySox+lLeg9Ub1AQgBTA//bVfmnlG6NPpAu0LG5Q0bHgTfL+lqtjm0
N95KfHycMwxglzyWN46n1BjTKRPJtldZmTBmtOrCwmlkMJwUWqOi+YUGdK+pnIe6
0on3hGGHfthMKVAWgvNzAo5L9JgshgAN4L4uQmneZPCjNgXWOdQCklHjpPuGoqcS
3jCKh1o9rHvycsJyZCZn0PKfCSW0ePOOO+imxP+I2NWY8qeAmuJJ7whb5O5F909r
r+IDuGxSAv8u6tcN6IpJ6F2jx+2zTTQF/prcTDq3mFZFy4qhIsp2kbkI1bbPfD43
X5NREk5nCZ1pSVjjXyLYWOqVPDMX24HonhtKaxySa2LEg0hbLpu6867VqssLnDqO
nyQ9eIY0qTFy27+ElKP9ktoKcO81OIZBNo0adEXA9a1pp430SYeHlLfuSRklIFcM
YbblbJLH81u+jxP9yBJEp4QP9ZqMoZAiN0HnPpBAWms7+xUovb72npVaUmuJIPQK
sE0GfzvjiIip/A5ZQ7MxZzg0oivAJYkA9DlOqtCx0ApP60lT2ShSH/TGkxMEauJm
bWoremtemnaKcnb4tqUY8lic/MY6Q4WohnOLczmTFDRCdmBmcdtj7ObaeN9wWM44
vybDEHkFWdXAkJJdwvrSbvEsxEUbHK15RmzN2s7Fc75mySj7HbM7zwG28UaU6bBT
4OoHpEYCxDw=
=tmXw
-----END PGP SIGNATURE-----

« Back to bulletins