Cisco released security updates to address vulnerabilities in multiple Cisco products that an attacker could exploit to take control of an affected system.
Of the 18 vulnerabilities, 10 were rated high, seven were rated medium and one was an informational issue.
One vulnerability rated high is in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) and could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device.
Cisco released software updates that address this vulnerability, officials said in an advisory. There are no workarounds that address this vulnerability.
This vulnerability affects Cisco AsyncOS Software for Cisco WSA, both virtual and hardware appliances, when the devices have the HTTPS Proxy feature enabled and have at least one decryption policy configured. The HTTPS Proxy feature is disabled by default.
Exploitation of this vulnerability will cause the proxy process to generate a core file with a particular backtrace.
The following were some of the other vulnerabilities:
• Small Business Series Switches Memory Corruption Vulnerability
• Small Business Series Switches HTTP Denial-of-Service Vulnerability
• Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability
• Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability
• Jabber for Windows DLL Preloading Vulnerability
• Unified Communications Manager Session Initiation Protocol Denial-of-Service Vulnerability
• Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability
• Web Security Appliance Web Proxy Denial-of-Service Vulnerability