The vulnerabilities details and remedies are listed below.
It is advised that you check if any component of your network is affected, and if so, to patch it the soonest to prevent a potential breach.
libSRTP DoS Vulnerability (CVE-2015-6360):
The vulnerability is in the encryption processing subsystem of libSRTP (a Secure Real-Time Transport Protocol -SRTP- library). It could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device. Cisco released version 1.5.3 of libSRTP to address this issue which affects multiple products (including ASA, CUCM and IOS XE).
|Collaboration and Social Media|
|Cisco WebEx Meetings Server versions 1.x||CSCux00729|
|Cisco WebEx Meetings Server versions 2.x||CSCux00729||2.6.1 and 2.7 (June 2016)|
|Endpoint Clients and Client Software|
|Network and Content Security Devices|
|Cisco Adaptive Security Appliance (ASA) Software1||CSCux00686||188.8.131.52|
|Routing and Switching - Enterprise and Service Provider|
|Cisco IOS XE Software2||CSCux04317||3.14.3S|
|Voice and Unified Communications Devices|
|Cisco IP Phone 88x1 Series||CSCux00708||11.0(1)|
|Cisco DX Series IP Phones||CSCux00697||10.2(5)|
|Cisco IP Phone 88x5 Series||CSCux00748||11.0(1)|
|Cisco Unified 7800 Series IP Phones||CSCux00742||11.0(1)|
|Cisco Unified 8831 Series IP Conference Phone||CSCux01782|
|Cisco Unified 8961 IP Phone||CSCux00707||9.4(2)SR3 (August 2016)|
|Cisco Unified 9951 IP Phone||CSCux00707||9.4(2)SR3 (August 2016)|
|Cisco Unified 9971 IP Phone||CSCux00707||9.4(2)SR3 (August 2016)|
|Cisco Unified Communications Manager (UCM)||CSCux00716||10.5(2)SU3|
|Cisco Unified Communications Manager Session Management Edition (SME)||CSCux00716||10.5(2)SU3|
|Cisco Unified IP Phone 7900 Series||CSCux00745||9.4(2)SR2|
|Cisco Unified IP Phone 8941 and 8945 (SIP)||CSCux01786|
|Cisco Unified Wireless IP Phone||CSCux37802||184.108.40.206|
|Cisco Unity Connection (UC)||CSCux35568||10.5(2)SU3|
ASA DHCPv6 Relay DoS Vulnerability (CVE-2016-1367):
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition.
|Product||BugID||Affected Versions||Condition||Fixed Release|
|ASA 5500-X Series|
DHCPv6 relay feature is configured. Example:
asa#show running-config ipv6 dhcprelay
ipv6 dhcprelay enable outside
|ASA Services Module for Catalyst 6500 and 7600 Routers|
|Cisco Adaptive Security Virtual Appliance (ASAv)|
WLC Multiple DoS Vulnerabilities
- CVE-2016-1363: WLC HTTP Parsing DoS Vulnerability
The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition.
- CVE-2016-1364: WLC Bonjour Task Manager DoS Vulnerability
A vulnerability in the Bonjour task manager of WLC could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Bonjour traffic by the affected software.
- CVE-2016-1362: WLC Management Interface DoS Vulnerability
The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software. An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface.
|Product||Vulnerability||CVE||BugID||Major Release||First Fixed Release |
for this Vulnerability
|First Fixed Release for all 3 WLC Vulnerabilities|
HTTP Parsing DoS
|8.1 and later||not affected||-|
WLC Bonjour Task Manager DoS
|8.1 and later||not affected||-|
Management Interface DoS
|8.0 and later||not affected||-|