Cisco releases patches to fix three high-severity security bugs


On January 17, Cisco released patches for Cisco Unified Customer Voice Portal (CVP), Cisco Email Security Appliance (ESA) and Cisco NX-OS Software. An attacker can exploit these vulnerabilities to cause a denial of service (DoS) condition or to escalate privileges and gain root access. The three critical vulnerabilities are tracked as CVE-2018-0102, CVE-2018-0095, and CVE-2018-0086. Users should install the patches as soon as possible.

 

  • CVE-2018-0102
    A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
    Affected Products

    • Cisco Nexus 7000 Series Switches
    • Cisco Nexus 7700 Series Switches

    Download the patch

  • CVE-2018-0095
    A vulnerability in the administrative shell of the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker must have valid user credentials with at least the privilege level of a guest user.
    Affected Products
    All Cisco Email Security Appliance software versions
    Download the patch
  • CVE-2018-0086
    A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.
    Affected Products
    Cisco Unified CVP running any software release prior to 11.6(1)
    Download the patch