Search Results for: security release 12 9 1

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases
At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerabilities described in this advisory and which release included the fix for these vulnerabilities.
Cisco FTD Software

Cisco FTD Software Release
First Fixed Release for these Vulnerabilities

Earlier than 6.2.21
Migrate to a fixed release.

6.2.2
Migrate to a fixed release.

6.2.3
Migrate to a fixed release.

6.3.0
Migrate to a fixed release.

6.4.0
6.4.0.12

6.5.0
Migrate to a fixed release.

6.6.0
6.6.42

6.7.0
6.7.0.2

1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as releases 6.2.0 and 6.2.1, have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.

2. The First Fixed Release for the 6.6.0 code train was 6.6.3; however, due to upgrade issues associated with CSCvx86231 the recommended release is 6.6.4.

To upgrade to a fixed release of Cisco FTD Software, do one of the following:

For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade. After installation is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager (FDM), use the FDM interface to install the upgrade. After installation is complete, reapply the access control policy.

Cisco IOS XE Software and Cisco IOS XE SD-WAN Software

Cisco UTD Snort IPS Engine Software for IOS XE and Cisco UTD Engine for IOS XE SD-WAN Software1
First Fixed Release for these Vulnerabilities

Earlier than 16.12
Migrate to a fixed release.

16.12
16.12.5

17.1
Migrate to a fixed release.

17.2
Migrate to a fixed release.

17.3
17.3.3

17.4
17.4.1

1Starting with release 17.2.1, Cisco IOS XE Software and Cisco IOS XE SD-WAN Software share the same image file.
Open Source Snort
The open source Snort project releases 2.9.17.1 and later contain the fix for these vulnerabilities. For more information on open source Snort, see the Snort website.

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
Cisco FTD Software Release 6.7.0
For Cisco FTD Software Release 6.7.0, as a workaround when the Snort 3 configuration option is enabled, an administrator may enable built-in rule 129:2 in the intrusion policy and set the action to Drop instead of Alert.
Use the following steps to verify that the Snort 3 configuration option is enabled. For more details, see the Switching Between Snort 2 and Snort 3 section of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.7.

Log in to the Admin Portal for the FTD deployment.
Navigate to Policies  > Intrusion.
Look for the Snort Version line above the table. The current version is the first number in the complete version number. For example, 2.9.17-95 is a Snort 2 version.

Use the following steps to enable rule 129:2. For more details, see the Changing Intrusion Rule Actions (Snort 3) section of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.7.

Log in to the Admin Portal for the FTD deployment.
Navigate to Policies  > Intrusion.
Choose any system-provided policy, such as Balanced Security and Connectivity.
Search for rule 129:2.
Check the check box next to the rule to enable it.
Choose Drop from the Action drop-down list.
Add the intrusion policy to a rule in Access control policy.

Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release as indicated in the following table(s):

Cisco Unified Communications Manager IM & Presence Service Release
First Fixed Release

Earlier than 10.5
None.

10.5
None.

11.0
Migrate to 11.5(1)SU9.

11.5
11.5(1)SU9

12.0
Migrate to 12.5(1)SU4.

12.5
12.5(1)SU4

The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.Several of the vulnerabilities below only impact Cisco SD-WAN vManage Software that is operating in a cluster. Customers can verify whether the software is operating in cluster mode by checking the Cisco SD-WAN vManage web-based management interface Administration > Cluster Management view. Customers should also refer to the Cisco SD-WAN Getting Started Guide chapter on Cluster Management.
Details about the vulnerabilities are as follows:
CVE-2021-1468: Cisco SD-WAN vManage Cluster Mode Unauthorized Message Processing Vulnerability

A vulnerability in a messaging service of Cisco SD-WAN vManage Software when operating in cluster mode could allow an unauthenticated, remote attacker to send unauthorized messages to the vulnerable application.
This vulnerability is due to improper authentication checks on user-supplied input to an application messaging service. An attacker could exploit this vulnerability by submitting crafted input to the service. A successful exploit could allow the attacker to call privileged actions within the affected system, including creating new administrative level user accounts.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvu28454CVE ID: CVE-2021-1468Security Impact Rating (SIR): CriticalCVSS Base Score: 9.8CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1505: Cisco SD-WAN vManage Cluster Mode Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when operating in cluster mode could allow an authenticated, remote attacker to bypass authorization checking and gain elevated privileges within an affected system.

This vulnerability exists because the affected software does not perform authorization checks on certain operations. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain elevated privileges within the affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvu28390CVE ID: CVE-2021-1505Security Impact Rating (SIR): CriticalCVSS Base Score: 9.1CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-1508: Cisco SD-WAN vManage Cluster Mode Unauthorized Access Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when operating in cluster mode could allow an authenticated, remote attacker to bypass authorization checking and make application modifications that could allow the attacker to gain elevated privileges within an affected system. This vulnerability exists because the affected software does not perform authorization checks on certain operations. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain elevated privileges within the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVE ID: CVE-2021-1508
Security Impact Rating (SIR): High
CVSS Base Score: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2021-1275: Cisco SD-WAN vManage Denial of Service Vulnerability

A vulnerability in an API of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected system.
The vulnerability is due to insufficient handling of API requests to the affected system. An attacker could exploit this vulnerability by sending a large amount of API requests to the affected system. A successful exploit could allow the attacker to cause a DoS condition on the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvv67264CVE ID: CVE-2021-1275Security Impact Rating (SIR): HighCVSS Base Score: 7.5CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-1506: Cisco SD-WAN vManage Cluster Mode Unauthorized Services Access Vulnerability

A vulnerability in a service of Cisco SD-WAN vManage Software when operating in cluster mode could allow an authenticated, remote attacker to gain unauthorized access to services within an affected system. This vulnerability exists because the affected software does not perform authorization checks on service access. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain unauthorized access to services within the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvu28402CVE ID: CVE-2021-1506Security Impact Rating (SIR): HighCVSS Base Score: 7.2CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H