“);
replaceTable = $t(tmp).find(“table”);
if (!replaceTable.hasClass(“cisco-data-table-small”)) { replaceTable.addClass(“cisco-data-table-small”); }
if (replaceTable.hasClass(“cisco-data-table”)) { replaceTable.removeClass(“cisco-data-table”); }
if (replaceTable.attr(“id”)) { replaceTable.attr(“id”,replaceTable.attr(“id”)+”-small”); }
$t(this).find(“tr”).each(function (index) {
currentRowSpanCounter = 0;
if (!$t(this).hasClass(“data-table-header-row”) && !$t(this).hasClass(“data-table-section-header-row”)) {

$t(this).find(“th,td”).each(function (index) {
colIndex = index;

if (rowSpanIndexes.length > 0) {
for (r = 0; r 0) {
if (colIndex == r) {
replaceTable.find(“tbody:first”).append(“

“)
if ((rowCounter) % 2 == 0) {
replaceTable.find(“tbody:first > tr:last”).addClass(“data-table-alternate-row”);
}
}
colIndex = colIndex + 1;
}
}
}
colIndex = colIndex – currentRowSpanCounter;
if ($t(this).attr(“rowspan”) != undefined && $t(this).attr(“rowspan”) > 1) {
rowSpanIndexes[colIndex] = $t(this).attr(“rowspan”);
rowSpanCellArray[colIndex] = $t(this);
currentRowSpanCounter++;
}
if (!$t(this).hasClass(“data-table-caption-cell”) && !$t(this).hasClass(“data-table-header-cell”)) {
for(var cidx = index-1; cidx >=0; cidx–)
{
var cidxe = $t(this).parent().children()[cidx];
var cidxspan = $t(cidxe).attr(“colspan”);
if(cidxspan != undefined && cidxspan > 1)
{
colIndex = colIndex + (cidxspan – 1)
}
}

replaceTable.find(“tbody:first”).append(“

“)
if ((rowCounter) % 2 == 0) {
replaceTable.find(“tbody:first > tr:last”).addClass(“data-table-alternate-row”);
}
if ($t(this).attr(“colspan”) != undefined && $t(this).attr(“colspan”) > 1) {
var colSpan = $t(this).attr(“colspan”);
var cs = 1
do{
if ($t(this).attr(“rowspan”) != undefined && $t(this).attr(“rowspan”) > 1) {
rowSpanIndexes[cs+colIndex] = $t(this).attr(“rowspan”);
rowSpanCellArray[cs+colIndex] = $t(this);
currentRowSpanCounter++;
}
replaceTable.find(“tbody:first”).append(“

“)
if ((rowCounter) % 2 == 0) {
replaceTable.find(“tbody:first > tr:last”).addClass(“data-table-alternate-row”);
}
cs++;
}while(cs

“)
var newCell = $t(replaceTable).find(“tbody > tr:last > td:last”);
var newRow = $t(replaceTable).find(“tbody > tr:last”);
newRow.attr(“style”, $t(this).parent().attr(“style”));
newRow.addClass($t(this).parent().attr(“class”));
newCell.attr(“colspan”, 2);
newCell.attr(“style”, $t(this).attr(“style”));
newCell.addClass($t(this).attr(“class”));
}

});
rowCounter++;

}
else {
rowCounter = 1;
$t(this).find(“td,th”).each(function (index) {
colIndex = index;
if (rowSpanIndexes.length > 0) {
for (r = 0; r 0) { colIndex = colIndex + 1; }
}
}
if ($t(this).hasClass(“data-table-caption-cell”)) {

var captionColSpan = $t(this).attr(“colspan”);
for(var cidx = index-1; cidx >=0; cidx–)
{
var cidxe = $t(this).parent().children()[cidx];
var cidxspan = $t(cidxe).attr(“colspan”);
if(cidxspan != undefined && cidxspan > 1)
{
colIndex = colIndex + (cidxspan – 1)
}
}
currentCellCaption[colIndex] = $t(this).html();
for (c = colIndex + 1; c

“)
var newCell = $t(replaceTable).find(“tbody > tr:last > td:last”);
var newRow = $t(replaceTable).find(“tbody > tr:last”);
newRow.attr(“style”, $t(this).parent().attr(“style”));
newRow.addClass($t(this).parent().attr(“class”));
newCell.attr(“colspan”, 2);
newCell.attr(“style”, $t(this).attr(“style”));
newCell.addClass($t(this).attr(“class”));

}
});
}
for (r = 0; r 0) { rowSpanIndexes[r]–; }
}
});
scrollTable = false;
}
catch(tblexc){
console.log(tblexec);
scrollTable = true;
}
}

while (newIndex != -1) {
if ($t(this).hasClass(“cisco-data-table”) && !scrollTable) {
var c4 = replaceTable[0].outerHTML;
c3 = c2.replace(escTable, escTable + c4);
tmp = null;
}
else {
c3 = c2.replace(escTable, ‘

‘ + escTable + ‘

‘);
}

content = content.substring(0, newIndex) + c3;
newIndex = content.indexOf(escTable, newIndex + escTable.length);
if(newIndex != -1){
c2 = content.substring(newIndex,content.length);
}
}
}
if (update) {
parent.html(content);
}
});
});

$t(“.collapsible-link-list h2.ud-section-heading”).click(function () {
$t(this).toggleClass(“open”);
return false;
});
$t(“.ud-side-link-list h2.ud-section-heading”).click(function () {
$t(this).toggleClass(“open”);
return false;
});
$t(“.ud-main-link-list h2.ud-section-heading”).click(function () {
$t(this).toggleClass(“open”);
return false;
});

$t(“a.tableToggler”).click(function () {
if($t(this).prev(“table”).find(“tr:eq(3)”).length==0)
{
$t(this).toggle();
return;
}
if($t(this).text() == “Show Complete History…”)
{
$t(this).html(“Show Less”);
}
else
{
$t(this).html(“Show Complete History…”);
}
var $tr = $t(this).prev(“table”).find(“tr:eq(3)”).toggle();
$tr.nextAll().toggle();
}).prev(“table”).find(“tr:eq(3)”).show().end().end().trigger(‘click’);

$t(“a.relatedcontenttoggle”).click(function () {
if ($t(this).hasClass(“less”)) {
$t(this).removeClass(“less”);
$t(this).parent().find(“div.flexrow:eq(9)”).nextAll().addClass(“relatedoverflow-hidden”);
$t(this).text(“Show All “+relatedCount+”…”);
} else {
$t(this).addClass(“less”);
$t(this).parent().find(“div.flexrow:eq(9)”).nextAll().removeClass(“relatedoverflow-hidden”);
$t(this).text(“Show Less”);
}
return false;
});

//Dialog Handlers
hideDisalogs();

$t(window).resize(function(){
hideDisalogs();
});

$t(‘body’).click(function (e) {
hideDisalogs();
});

//Begin CVE
$t(‘.cves’).click(function (e) {
e.stopPropagation();
$t(“.cves”).show();
});

$t(‘.closeCVE’).click(function (e) {
e.stopPropagation();
$t(“.cves”).hide();
return false;
});

$t(‘.showCVE’).click(function (e) {
hideDisalogs();
e.stopPropagation();
var $cveIWidthDiv = $t(this).parent().parent().parent().find(“.cveParentIWidth”);
var $cveparentDiv = $t(this).parent().parent().parent().find(“.cves”);
var $content = $t(this).parent().parent().parent().find(“#fullcvecontent_content”);

var $this = $t(this);

showDialog($this, $cveIWidthDiv, $cveparentDiv, $content);

return false;
});
//End CVE

//Begin CWE
$t(‘.cwes’).click(function (e) {
e.stopPropagation();
$t(“.cwes”).show();
});

$t(‘.closeCWE’).click(function (e) {
e.stopPropagation();
$t(“.cwes”).hide();
return false;
})

$t(‘.showCWE’).click(function (e) {
hideDisalogs();
e.stopPropagation();
var $cveIWidthDiv = $t(this).parent().parent().parent().parent().find(“.cweParentIWidth”);
var $cveparentDiv = $t(this).parent().parent().parent().parent().find(“.cwes”);
var $content = $t(this).parent().parent().parent().parent().find(“#fullcwecontent_content”);

var $this = $t(this);

showDialog($this, $cveIWidthDiv, $cveparentDiv, $content);

return false;
});
//End CWE

//Begin DDTS Bug IDs
$t(‘.ddts’).click(function (e) {
e.stopPropagation();
$t(“.ddts”).show();
});

$t(‘.closeDDTS’).click(function (e) {
e.stopPropagation();
$t(“.ddts”).hide();
return false;
});

$t(‘.showDDTS’).click(function (e) {
hideDisalogs();
e.stopPropagation();
var $cveIWidthDiv = $t(this).parent().parent().parent().find(“.ddtsParentIWidth”);
var $cveparentDiv = $t(this).parent().parent().parent().find(“.ddts”);
var $content = $t(this).parent().parent().parent().find(“#fullddtscontent_content”);
var $this = $t(this);

showDialog($this, $cveIWidthDiv, $cveparentDiv, $content);

return false;
});
//End DDTS Bug IDs

});

function hideDisalogs() {
$t(“.cves”).hide();
$t(“.cwes”).hide();
$t(“.ddts”).hide();
}

function showDialog($this, $cveIWidthDiv, $cveparentDiv, $content) {
$cveIWidthDiv.html(“”);

var tempCVEArray = ($content.html()).split(“,”);
var totalCVE = tempCVEArray.length;
var parentWidth;
var ColclassName;
var colWidth;
var limitPerColumn = 0;
if (totalCVE “);
for (i = 0; i ” + tempCVEArray[i] + “”);
}
}

if (totalCVE > 20 && totalCVE “);
for (i = 0; i ” + tempCVEArray[i] + “”);
}

for (j = 20; j ” + tempCVEArray[j] + “”);
}
}

if ($t(window).width() > 768) {
if (totalCVE > 40 && totalCVE “);

for (i = 0; i ” + tempCVEArray[i] + “”);
}

for (j = 20; j ” + tempCVEArray[j] + “”);
}

for (k = 40; k ” + tempCVEArray[k] + “”);
}

}

if (totalCVE > 60) {
ColclassName = “threeCol”;
colWidth = “33.33%”;
limitPerColumn = parseInt(totalCVE / 3);
var lim_remainder = totalCVE % 3;
var lim1 = limitPerColumn;
var lim2 = 2 * limitPerColumn;;
var lim3 = totalCVE;
if (lim_remainder == 1) {
lim1 = limitPerColumn + 1;
lim2 = limitPerColumn + lim1;
}
if (lim_remainder == 2) {
lim1 = limitPerColumn + 1;
lim2 = limitPerColumn + lim1 + 1;
}

$cveIWidthDiv.append(” “);
$cveIWidthDiv.css(“overflow”, “auto”);

for (i = 0; i ” + tempCVEArray[i] + “”);
}
for (j = lim1; j ” + tempCVEArray[j] + “”);
}
for (k = lim2; k ” + tempCVEArray[k] + “”);
}

}
}

if ($t(window).width() 40) {
ColclassName = “twoCol”;
colWidth = “50%”;
parentWidth = “300px”;
$cveparentDiv.css(“width”, parentWidth);
limitPerColumn = parseInt(totalCVE / 2);
var lim_remainder = totalCVE % 2;
var lim1 = limitPerColumn;
var lim2 = totalCVE;
if (lim_remainder == 1) {
lim1 = limitPerColumn + 1;
}
$cveIWidthDiv.append(” “);
$cveIWidthDiv.css(“overflow”, “auto”);
for (i = 0; i ” + tempCVEArray[i] + “”);
}

for (j = lim1; j ” + tempCVEArray[j] + “”);
}

}
}

$cveparentDiv.slideDown(300);

var cvwidth = 40;
$cveparentDiv.find(“.cvecolumn”).each(function () {
cvwidth = cvwidth + $t(this).width() + 35;
});

$cveparentDiv.css(“width”, cvwidth);

if ($t(window).width() > 768) {
var cveboxheight = 300;
var scrltop = $cveparentDiv.offset().top – 50;
$t(‘html, body’).animate({
scrollTop: scrltop
}, 500);
$cveparentDiv.transpose
}
}

function cvssToClip(){
var target = document.getElementById(“hdncvssvector”);
var currentFocus = document.activeElement;
target.focus();
target.setSelectionRange(0, target.value.length);
// copy the selection
var succeed;
try {
succeed = document.execCommand(“copy”,false,target.value);
} catch(e) {
succeed = false;
}
// restore original focus
if (currentFocus && typeof currentFocus.focus === “function”) {
currentFocus.focus();
}
}

‘+h2+’

‘ + moretext + ‘‘;
$t(this).html(html);
$t(this).find(“div.full”).toggle();
}
}
}
catch(exc){
console.log(exc);
$t(this).html(htmlBase);
}

});

$t(“.morelink”).click(function () {
if ($t(this).hasClass(“less”)) {
$t(this).removeClass(“less”);
$t(this).text(moretext);
} else {
$t(this).addClass(“less”);
$t(this).text(lesstext);
}
$t(this).parent().find(“div.snippet”).toggle();
$t(this).parent().find(“div.full”).toggle();
return false;
});

//$t(“.btnShowMoreRows”).click(function () {
//$t(‘table’).find(‘tr:gt(3)’).toggle();
//});

var rowCounter = 1;
var rowSpanIndexes = [];
var adjustedIndex = 0;
var currentRowSpanCounter = 0;
var currentCellCaption = [];
var colIndex = 0;
var rowSpanCellArray = [];

$t(‘#ud-master-container’).find(‘table’).not($t(‘#ud-revision-history’).find(‘table’)).parent().each(function () {
var parent = $t(this);//.parent();
var content = $t(this).html();//.parent().html();
var update = false;
var tblStrings = “”;
parent.find(‘table’).each(function () {
update = true;
var escTable = $t(this)[0].outerHTML;
var newIndex = content.indexOf(escTable);
if (tblStrings.indexOf(escTable) == -1) {
currentCellCaption = [0];
tblStrings += escTable;
var c2 = content.substring(newIndex);
var c3 = c2;
var scrollTable = false;
if ($t(this).hasClass(“cisco-data-table”)) {
try{
rowSpanIndexes = [];
rowCounter = 1;
var tmp = $t(document.createElement(‘div’))
$t(this).clone().appendTo(tmp);
var replaceTable = $t(tmp).find(“table”);
replaceTable.find(“tr,td,tbody,thead”).remove();
replaceTable.append(“

” + currentCellCaption[r] + “ ” + $t(rowSpanCellArray[r]).html() + “
” + currentCellCaption[colIndex] + “ ” + $t(this).html() + “
” + currentCellCaption[cs+colIndex] + “ ” + $t(this).html() + “
” + $t(this).html() + “ ” + $t(this).html() + “
Product Cisco Bug ID Fixed Release Availability
Cisco Meeting Management (CMM) CSCvk69487
Cisco Expressway Series CSCvk74922
Cisco TelePresence Video Communication Server (VCS) CSCvk74922
Cisco TelePresence Conductor CSCvk75754

The following table lists Cisco products that are affected by the FreeBSD vulnerability that is described in this advisory:

Product Cisco Bug ID Fixed Release Availability
Cisco Email Security Appliance (ESA) CSCvk74109
Cisco Web Security Appliance (WSA) CSCvk74112
Cisco Content Security Management Appliance (SMA) CSCvk74266


Cisco is investigating its product line to determine which products may be affected by these vulnerabilities and the impact on each affected product. This section will be updated as information is available.


Workarounds

  • Any workarounds will be documented in the product-specific Cisco bugs, which are identified in the “Vulnerable Products” section of this advisory.

    It is important to note that exploitation of these vulnerabilities requires an attacker to establish a TCP three-way handshake with an
    open TCP port on an affected device. Customers are therefore advised to use an external
    firewall to allow only explicitly trusted source IP addresses to connect to open TCP ports on affected devices.

Fixed Software

  • For information about fixed software releases, consult the Cisco bugs identified in the “Vulnerable Products” section of this advisory.

    When considering software upgrades, customers are advised to
    regularly consult the advisories for Cisco products, which are available
    from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and
    software configurations will continue to be supported properly by the
    new release. If the information is not clear, customers are advised to
    contact the Cisco TAC or their contracted maintenance providers.

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory.

Source

  • These vulnerabilities were reported by Juha-Matti Tilli, of the Aalto University Department of Communications and Networking, and Nokia Bell Labs.