CIRT.GY | Releases Security Updates for Multiplier Products

Releases Security Updates for Multiplier Products (May 15, 2019)

Ref# Cisco | Date: May 29th 2019

Description

The Cisco Corporation has recently released security updates to address vulnerabilities in multiple cisco products. It is recommended that you take the necessary precautions by ensuring your products are always updated.

The Cisco Release Security updates includes: 1 Critical, 9 High and 10 Medium vulnerability fixes.

Critical

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce

High

Cisco Secure Boot Hardware Tampering Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos

Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-mpls-dos

Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player

Cisco Small Business Series Switches Simple Network Management Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb-snmpdos

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject

Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-evpn-dos

Cisco Video Surveillance Manager Web-Based Management Interface Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cvsm

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-rpe

Medium

Cisco Small Business 300 Series Managed Switches DHCP Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb300sms-dhcp

Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1820

Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819

Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1818

Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv

Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2

Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780

Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass

Cisco NX-OS Software SSH Key Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info

The Guyana National CIRT recommends users and administration to review these updates and to apply them where necessary.

Reference

Cisco Security Releases Security Updates for Multiplier Products (US-Cert)

https://www.us-cert.gov/ncas/current-activity/2019/05/15/Cisco-Releases-Multiple-Security-Updates