Cisco released security updates for several products today, one of which fixes a flaw that could allow remote execution if exploited.
Cisco’s ASA Software Identity Firewall, CVE-2016-6432, patch repairs a buffer overflow issue that can be exploited through a specially crafted NetBIOS packet leading to the execution of arbitrary code.
Cisco Firepower System Software’s flaw, CVE-2016-6439, is due to the improper handling of an HTTP packet stream that can create a Denial of Service condition if not patched.
The company’s ASA Software’s problem, CVE-2016-6431, would allow an attacker to cause a reload if he sent a crafted enrollment request to the infected system.
Cisco Meeting Server required two patches for CVE-2016-6446 and CVE-2016-6444. The former could allow an attacker to retrieve memory from a connected server and the latter would allow a cross-site request forgery against a Web Bridge user.