7.2 - cisco-sa-20181107-vcsd

A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco in validation scripts to be included in shipping software images. This includes an exploit for the Dirty CoW vulnerability (CVE-2016-5195). The purpose of this QA validation step is to make sure the Cisco product contains the required fixes for this vulnerability.

The presence of the sample, dormant exploit code does not represent nor allow an exploitable vulnerability on the product, nor does it present a risk to the product itself as all of the required patches for this vulnerability have been integrated into all shipping software images.

The affected software images have proactively been removed from the Cisco Software Center and will soon be replaced with fixed software images. Bug ID CSCvn17278 has been opened to track this issue.

Customers that still require access to the affected software images and have a valid cisco.com account will need to open a case with the Cisco TAC and submit a request for Special File access ["https://www.cisco.com/cgi-bin/Software/SFA/sfa.cgi"] in order to download the software images.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJb5LOqXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczhmEP/0U7mRsIfRK1O3E+LjoYBNaSBIwX XOltnVr/QlQeKY0N/CQyOy8aB6H3qQ/PWGMjZ/9VVs7rGoevc3C50VSn4SeTT31l Rr7fabTD0dpg600urnT7CckwvYjhAZxJtYQD7PKcUXUEboah9A/jW7TIpFqbzMj5 w2YCchlNlvXXlo8bEXp+5g9icWLPjHWelueg5v5WwGLUue0wWIsncshUodIfrFYv q1KgW8+hkm6QpOGi9SZ8iotNB0LuzB+aNDG0oIl9be/KgG2dfhP6VT0J48JoABc1 5FlFo10iFtC6MyjD2BSFmGVXKAKIcFlhZDiI8eM/lhVTnegclwIhpsVY9Zi6v6Db GowHlzsV7Wz9hdGIqFoJ5k7Jh7Aez0CNPjEe7ukXw+dFW4ZS4fjaDFi7Zg5bp52L UIRiNPBcGOqhBkA07GB4YiMnNw2USpYab9COD7NQVMWwGjRSvfaY/eILOZJD7W2G m2NrsNb1QQx5pGnMMagbh7Gk6Jei5VowrGayO18Ek3ff1MUxKaYZxlDU9uEtsEDz 3M2Mfk1x/Fm88AxJwaGb4G0wWNfF//I02Qg2wy/QGUAql/wjg4yGYr0qwKKkgia1 Eylse1OcmBLTgrI+I/SLdesOvgwOvsU/Lj4vxq+fDiHY9SA6MjGYzWSPOCa3FiGA LTRPnUA//4Eqdn9Z =HvDq END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com