Cisco released updates for a trio of products that if exploited could lead to a denial of service (DoS) condition for each.
The first of the three high rated vulnerabilities (CVE-2018-0296) is in Cisco AsyncOS Software for Cisco Web Security Appliances. The flaw could allow an unauthenticated attacker to create a scenario where a device reloads automatically resulting in a DoS condition. There is also a possibility the attacker can stop the reload condition, but all the actor to view sensitive information using directory traversal techniques, Cisco said.
The second issue (CVE-2018-0409) affects XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway. If exploited a malicious actor could cause a temporary service outage for all IM&P users, resulting in a DoS situation.
The final vulnerability (CVE-2018-0296 ) involves Cisco’s Adaptive Security Appliance is similar to the first problem in that it can cause unwanted reloads creating a DoS condition and could again allow information to be released, Cisco reported.
Updates that mitigate these flaws are available for all three products.