Patch/Configuration Management, Vulnerability Management

Cisco releates five security patches


Cisco released security updates for several products today, one of which fixes a flaw that could allow remote execution if exploited.

Cisco's ASA Software Identity Firewall, CVE-2016-6432, patch repairs a buffer overflow issue that can be exploited through a specially crafted NetBIOS packet leading to the execution of arbitrary code.

Cisco Firepower System Software's flaw, CVE-2016-6439, is due to the improper handling of an HTTP packet stream that can create a Denial of Service condition if not patched.

The company's ASA Software's problem, CVE-2016-6431, would allow an attacker to cause a reload if he sent a crafted enrollment request to the infected system.

Cisco Meeting Server required two patches for CVE-2016-6446 and CVE-2016-6444. The former could allow an attacker to retrieve memory from a connected server and the latter would allow a cross-site request forgery against a Web Bridge user.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.