Cisco’s ASA Software Identity Firewall flaw could allow remote code execution.
Cisco’s ASA Software Identity Firewall flaw could allow remote code execution.

Cisco released security updates for several products today, one of which fixes a flaw that could allow remote execution if exploited.

Cisco's ASA Software Identity Firewall, CVE-2016-6432, patch repairs a buffer overflow issue that can be exploited through a specially crafted NetBIOS packet leading to the execution of arbitrary code.

Cisco Firepower System Software's flaw, CVE-2016-6439, is due to the improper handling of an HTTP packet stream that can create a Denial of Service condition if not patched.

The company's ASA Software's problem, CVE-2016-6431, would allow an attacker to cause a reload if he sent a crafted enrollment request to the infected system.

Cisco Meeting Server required two patches for CVE-2016-6446 and CVE-2016-6444. The former could allow an attacker to retrieve memory from a connected server and the latter would allow a cross-site request forgery against a Web Bridge user.