WHAT HAPPENED?

Cisco released 3 Critical and 11 High security updates to address vulnerabilities in multiple products.

Advanced Users: For a complete description of the vulnerabilities visit:

• Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability -https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp
• Cisco IOS XE Software Web UI Privilege Escalation Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2
• Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi
• Cisco IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ccCisco
• OS Software Common Industrial Protocol Request Denial of Service Vulnerabilities - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip
• Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike
• Cisco IOS XE Wireless Controller Manager Denial of Service Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe
• Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp
• Cisco IOS Software Network Address Translation Denial of Service Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat
• Cisco IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc
• Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp
• Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet
• Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos
• Cisco IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial of Service Vulnerability - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls

AFFECTED VERSIONS:

Users and administrators are encouraged to review the Cisco Security Advisories listed above.

WHAT'S THE PROBLEM?

Exploitation of one of these vulnerabilities could allow an attacker to take control of an affected system.

WHAT DO I NEED TO DO?

Users and administrators are encouraged to review the above Cisco Security Advisories and apply the necessary updates.

RELATED LINKS

• IT Security at http://it.ucsf.edu/security