Cisco products multiple vulnerabilities
RISK: High Risk
TYPE: Servers - Network Management
Two vulnerabilities were identified in Cisco Web Security Virtual Appliance (WSAv) and Cisco Email Security Virtual Appliance (ESAv). A remote user can gain full control of the target system and decrypt and impersonate communications between target devices. [CVE-2015-4216, CVE-2015-4217]
Several vulnerabilities were identified in Cisco Unified Communications Manager IM and Presence Service. A remote authenticated user can gain elevated privileges on the target system and inject SQL commands. [CVE-2015-4221, CVE-2015-4222]
A vulnerability was identified in Cisco IOS XR. A remote user can cause denial of service conditions on the target system. [CVE-2015-4223]
A vulnerability was identified in Cisco Identity Services Engine and Cisco Secure Access Control Server. A remote authenticated user can obtain potentially sensitive information on the target system. [CVE-2015-4219]
A vulnerability was identified in Cisco NX-OS. A remote authenticated user can obtain decrypted passwords. [CVE-2015-4213]
A vulnerability was identified in Cisco Jabber for Windows. A remote user can obtain potentially sensitive information on the target system. [CVE-2015-4218]
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Cisco Web Security Virtual Appliance versions prior to June 25, 2015
- Cisco Email Security Virtual Appliance versions prior to June 25, 2015
- Cisco Unified Communications Manager IM and Presence Service 9.1(1); possibly other versions
- IOS XR 5.1.3; possibly other versions
- Cisco Identity Services Engine 1.0(4.573)
- Cisco Secure Access Control Server prior to 5.4(0.46.2) and 5.5(0.46)
- Cisco NX-OS Nexus 9000 Series; NX-OS 1.1(1g)
- Cisco Jabber for Windows 9.6(3) and prior; 9.7(5) and prior
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- The vendor has issued fixes except for CVE-2015-4218.
- No official solution is currently available for CVE-2015-4218.
Vulnerability Identifier
- CVE-2015-4216
- CVE-2015-4217
- CVE-2015-4221
- CVE-2015-4222
- CVE-2015-4223
- CVE-2015-4219
- CVE-2015-4213
- CVE-2015-4218
Source
Related Link
- http://securitytracker.com/id/1032726
- http://securitytracker.com/id/1032725
- http://securitytracker.com/id/1032716
- http://securitytracker.com/id/1032715
- http://securitytracker.com/id/1032714
- http://securitytracker.com/id/1032713
- http://securitytracker.com/id/1032712
- http://securitytracker.com/id/1032711
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39506
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39509
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39501
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39469
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39494