“);
replaceTable = $t(tmp).find(“table”);
if (!replaceTable.hasClass(“cisco-data-table-small”)) { replaceTable.addClass(“cisco-data-table-small”); }
if (replaceTable.hasClass(“cisco-data-table”)) { replaceTable.removeClass(“cisco-data-table”); }
if (replaceTable.attr(“id”)) { replaceTable.attr(“id”,replaceTable.attr(“id”)+”-small”); }
$t(this).find(“tr”).each(function (index) {
currentRowSpanCounter = 0;
if (!$t(this).hasClass(“data-table-header-row”) && !$t(this).hasClass(“data-table-section-header-row”)) {

$t(this).find(“th,td”).each(function (index) {
colIndex = index;

if (rowSpanIndexes.length > 0) {
for (r = 0; r 0) {
if (colIndex == r) {
replaceTable.find(“tbody:first”).append(“

“)
if ((rowCounter) % 2 == 0) {
replaceTable.find(“tbody:first > tr:last”).addClass(“data-table-alternate-row”);
}
}
colIndex = colIndex + 1;
}
}
}
colIndex = colIndex – currentRowSpanCounter;
if ($t(this).attr(“rowspan”) != undefined && $t(this).attr(“rowspan”) > 1) {
rowSpanIndexes[colIndex] = $t(this).attr(“rowspan”);
rowSpanCellArray[colIndex] = $t(this);
currentRowSpanCounter++;
}
if (!$t(this).hasClass(“data-table-caption-cell”) && !$t(this).hasClass(“data-table-header-cell”)) {
for(var cidx = index-1; cidx >=0; cidx–)
{
var cidxe = $t(this).parent().children()[cidx];
var cidxspan = $t(cidxe).attr(“colspan”);
if(cidxspan != undefined && cidxspan > 1)
{
colIndex = colIndex + (cidxspan – 1)
}
}

replaceTable.find(“tbody:first”).append(“

“)
if ((rowCounter) % 2 == 0) {
replaceTable.find(“tbody:first > tr:last”).addClass(“data-table-alternate-row”);
}
if ($t(this).attr(“colspan”) != undefined && $t(this).attr(“colspan”) > 1) {
var colSpan = $t(this).attr(“colspan”);
var cs = 1
do{
if ($t(this).attr(“rowspan”) != undefined && $t(this).attr(“rowspan”) > 1) {
rowSpanIndexes[cs+colIndex] = $t(this).attr(“rowspan”);
rowSpanCellArray[cs+colIndex] = $t(this);
currentRowSpanCounter++;
}
replaceTable.find(“tbody:first”).append(“

“)
if ((rowCounter) % 2 == 0) {
replaceTable.find(“tbody:first > tr:last”).addClass(“data-table-alternate-row”);
}
cs++;
}while(cs

“)
var newCell = $t(replaceTable).find(“tbody > tr:last > td:last”);
var newRow = $t(replaceTable).find(“tbody > tr:last”);
newRow.attr(“style”, $t(this).parent().attr(“style”));
newRow.addClass($t(this).parent().attr(“class”));
newCell.attr(“colspan”, 2);
newCell.attr(“style”, $t(this).attr(“style”));
newCell.addClass($t(this).attr(“class”));
}

});
rowCounter++;

}
else {
rowCounter = 1;
$t(this).find(“td,th”).each(function (index) {
colIndex = index;
if (rowSpanIndexes.length > 0) {
for (r = 0; r 0) { colIndex = colIndex + 1; }
}
}
if ($t(this).hasClass(“data-table-caption-cell”)) {

var captionColSpan = $t(this).attr(“colspan”);
for(var cidx = index-1; cidx >=0; cidx–)
{
var cidxe = $t(this).parent().children()[cidx];
var cidxspan = $t(cidxe).attr(“colspan”);
if(cidxspan != undefined && cidxspan > 1)
{
colIndex = colIndex + (cidxspan – 1)
}
}
currentCellCaption[colIndex] = $t(this).html();
for (c = colIndex + 1; c

“)
var newCell = $t(replaceTable).find(“tbody > tr:last > td:last”);
var newRow = $t(replaceTable).find(“tbody > tr:last”);
newRow.attr(“style”, $t(this).parent().attr(“style”));
newRow.addClass($t(this).parent().attr(“class”));
newCell.attr(“colspan”, 2);
newCell.attr(“style”, $t(this).attr(“style”));
newCell.addClass($t(this).attr(“class”));

}
});
}
for (r = 0; r 0) { rowSpanIndexes[r]–; }
}
});
scrollTable = false;
}
catch(tblexc){
console.log(tblexec);
scrollTable = true;
}
}

while (newIndex != -1) {
if ($t(this).hasClass(“cisco-data-table”) && !scrollTable) {
var c4 = replaceTable[0].outerHTML;
c3 = c2.replace(escTable, escTable + c4);
tmp = null;
}
else {
c3 = c2.replace(escTable, ‘

‘ + escTable + ‘

‘);
}

content = content.substring(0, newIndex) + c3;
newIndex = content.indexOf(escTable, newIndex + escTable.length);
if(newIndex != -1){
c2 = content.substring(newIndex,content.length);
}
}
}
if (update) {
parent.html(content);
}
});
});

$t(“.collapsible-link-list h2.ud-section-heading”).click(function () {
$t(this).toggleClass(“open”);
return false;
});
$t(“.ud-side-link-list h2.ud-section-heading”).click(function () {
$t(this).toggleClass(“open”);
return false;
});
$t(“.ud-main-link-list h2.ud-section-heading”).click(function () {
$t(this).toggleClass(“open”);
return false;
});

$t(“a.tableToggler”).click(function () {
if($t(this).prev(“table”).find(“tr:eq(3)”).length==0)
{
$t(this).toggle();
return;
}
if($t(this).text() == “Show Complete History…”)
{
$t(this).html(“Show Less”);
}
else
{
$t(this).html(“Show Complete History…”);
}
var $tr = $t(this).prev(“table”).find(“tr:eq(3)”).toggle();
$tr.nextAll().toggle();
}).prev(“table”).find(“tr:eq(3)”).show().end().end().trigger(‘click’);

$t(“a.relatedcontenttoggle”).click(function () {
if ($t(this).hasClass(“less”)) {
$t(this).removeClass(“less”);
$t(this).parent().find(“div.flexrow:eq(9)”).nextAll().addClass(“relatedoverflow-hidden”);
$t(this).text(“Show All “+relatedCount+”…”);
} else {
$t(this).addClass(“less”);
$t(this).parent().find(“div.flexrow:eq(9)”).nextAll().removeClass(“relatedoverflow-hidden”);
$t(this).text(“Show Less”);
}
return false;
});

//Dialog Handlers
hideDisalogs();

$t(window).resize(function(){
hideDisalogs();
});

$t(‘body’).click(function (e) {
hideDisalogs();
});

//Begin CVE
$t(‘.cves’).click(function (e) {
e.stopPropagation();
$t(“.cves”).show();
});

$t(‘.closeCVE’).click(function (e) {
e.stopPropagation();
$t(“.cves”).hide();
return false;
});

$t(‘.showCVE’).click(function (e) {
hideDisalogs();
e.stopPropagation();
var $cveIWidthDiv = $t(this).parent().parent().parent().find(“.cveParentIWidth”);
var $cveparentDiv = $t(this).parent().parent().parent().find(“.cves”);
var $content = $t(this).parent().parent().parent().find(“#fullcvecontent_content”);

var $this = $t(this);

showDialog($this, $cveIWidthDiv, $cveparentDiv, $content);

return false;
});
//End CVE

//Begin CWE
$t(‘.cwes’).click(function (e) {
e.stopPropagation();
$t(“.cwes”).show();
});

$t(‘.closeCWE’).click(function (e) {
e.stopPropagation();
$t(“.cwes”).hide();
return false;
})

$t(‘.showCWE’).click(function (e) {
hideDisalogs();
e.stopPropagation();
var $cveIWidthDiv = $t(this).parent().parent().parent().parent().find(“.cweParentIWidth”);
var $cveparentDiv = $t(this).parent().parent().parent().parent().find(“.cwes”);
var $content = $t(this).parent().parent().parent().parent().find(“#fullcwecontent_content”);

var $this = $t(this);

showDialog($this, $cveIWidthDiv, $cveparentDiv, $content);

return false;
});
//End CWE

//Begin DDTS Bug IDs
$t(‘.ddts’).click(function (e) {
e.stopPropagation();
$t(“.ddts”).show();
});

$t(‘.closeDDTS’).click(function (e) {
e.stopPropagation();
$t(“.ddts”).hide();
return false;
});

$t(‘.showDDTS’).click(function (e) {
hideDisalogs();
e.stopPropagation();
var $cveIWidthDiv = $t(this).parent().parent().parent().find(“.ddtsParentIWidth”);
var $cveparentDiv = $t(this).parent().parent().parent().find(“.ddts”);
var $content = $t(this).parent().parent().parent().find(“#fullddtscontent_content”);
var $this = $t(this);

showDialog($this, $cveIWidthDiv, $cveparentDiv, $content);

return false;
});
//End DDTS Bug IDs

});

function hideDisalogs() {
$t(“.cves”).hide();
$t(“.cwes”).hide();
$t(“.ddts”).hide();
}

function showDialog($this, $cveIWidthDiv, $cveparentDiv, $content) {
$cveIWidthDiv.html(“”);

var tempCVEArray = ($content.html()).split(“,”);
var totalCVE = tempCVEArray.length;
var parentWidth;
var ColclassName;
var colWidth;
var limitPerColumn = 0;
if (totalCVE “);
for (i = 0; i ” + tempCVEArray[i] + “”);
}
}

if (totalCVE > 20 && totalCVE “);
for (i = 0; i ” + tempCVEArray[i] + “”);
}

for (j = 20; j ” + tempCVEArray[j] + “”);
}
}

if ($t(window).width() > 768) {
if (totalCVE > 40 && totalCVE “);

for (i = 0; i ” + tempCVEArray[i] + “”);
}

for (j = 20; j ” + tempCVEArray[j] + “”);
}

for (k = 40; k ” + tempCVEArray[k] + “”);
}

}

if (totalCVE > 60) {
ColclassName = “threeCol”;
colWidth = “33.33%”;
limitPerColumn = parseInt(totalCVE / 3);
var lim_remainder = totalCVE % 3;
var lim1 = limitPerColumn;
var lim2 = 2 * limitPerColumn;;
var lim3 = totalCVE;
if (lim_remainder == 1) {
lim1 = limitPerColumn + 1;
lim2 = limitPerColumn + lim1;
}
if (lim_remainder == 2) {
lim1 = limitPerColumn + 1;
lim2 = limitPerColumn + lim1 + 1;
}

$cveIWidthDiv.append(” “);
$cveIWidthDiv.css(“overflow”, “auto”);

for (i = 0; i ” + tempCVEArray[i] + “”);
}
for (j = lim1; j ” + tempCVEArray[j] + “”);
}
for (k = lim2; k ” + tempCVEArray[k] + “”);
}

}
}

if ($t(window).width() 40) {
ColclassName = “twoCol”;
colWidth = “50%”;
parentWidth = “300px”;
$cveparentDiv.css(“width”, parentWidth);
limitPerColumn = parseInt(totalCVE / 2);
var lim_remainder = totalCVE % 2;
var lim1 = limitPerColumn;
var lim2 = totalCVE;
if (lim_remainder == 1) {
lim1 = limitPerColumn + 1;
}
$cveIWidthDiv.append(” “);
$cveIWidthDiv.css(“overflow”, “auto”);
for (i = 0; i ” + tempCVEArray[i] + “”);
}

for (j = lim1; j ” + tempCVEArray[j] + “”);
}

}
}

$cveparentDiv.slideDown(300);

var cvwidth = 40;
$cveparentDiv.find(“.cvecolumn”).each(function () {
cvwidth = cvwidth + $t(this).width() + 35;
});

$cveparentDiv.css(“width”, cvwidth);

if ($t(window).width() > 768) {
var cveboxheight = 300;
var scrltop = $cveparentDiv.offset().top – 50;
$t(‘html, body’).animate({
scrollTop: scrltop
}, 500);
$cveparentDiv.transpose
}
}

function cvssToClip(){
var target = document.getElementById(“hdncvssvector”);
var currentFocus = document.activeElement;
target.focus();
target.setSelectionRange(0, target.value.length);
// copy the selection
var succeed;
try {
succeed = document.execCommand(“copy”,false,target.value);
} catch(e) {
succeed = false;
}
// restore original focus
if (currentFocus && typeof currentFocus.focus === “function”) {
currentFocus.focus();
}
}

‘+h2+’

‘ + moretext + ‘‘;
$t(this).html(html);
$t(this).find(“div.full”).toggle();
}
}
}
catch(exc){
console.log(exc);
$t(this).html(htmlBase);
}

});

$t(“.morelink”).click(function () {
if ($t(this).hasClass(“less”)) {
$t(this).removeClass(“less”);
$t(this).text(moretext);
} else {
$t(this).addClass(“less”);
$t(this).text(lesstext);
}
$t(this).parent().find(“div.snippet”).toggle();
$t(this).parent().find(“div.full”).toggle();
return false;
});

//$t(“.btnShowMoreRows”).click(function () {
//$t(‘table’).find(‘tr:gt(3)’).toggle();
//});

var rowCounter = 1;
var rowSpanIndexes = [];
var adjustedIndex = 0;
var currentRowSpanCounter = 0;
var currentCellCaption = [];
var colIndex = 0;
var rowSpanCellArray = [];

$t(‘#ud-master-container’).find(‘table’).not($t(‘#ud-revision-history’).find(‘table’)).parent().each(function () {
var parent = $t(this);//.parent();
var content = $t(this).html();//.parent().html();
var update = false;
var tblStrings = “”;
parent.find(‘table’).each(function () {
update = true;
var escTable = $t(this)[0].outerHTML;
var newIndex = content.indexOf(escTable);
if (tblStrings.indexOf(escTable) == -1) {
currentCellCaption = [0];
tblStrings += escTable;
var c2 = content.substring(newIndex);
var c3 = c2;
var scrollTable = false;
if ($t(this).hasClass(“cisco-data-table”)) {
try{
rowSpanIndexes = [];
rowCounter = 1;
var tmp = $t(document.createElement(‘div’))
$t(this).clone().appendTo(tmp);
var replaceTable = $t(tmp).find(“table”);
replaceTable.find(“tr,td,tbody,thead”).remove();
replaceTable.append(“

” + currentCellCaption[r] + “ ” + $t(rowSpanCellArray[r]).html() + “
” + currentCellCaption[colIndex] + “ ” + $t(this).html() + “
” + currentCellCaption[cs+colIndex] + “ ” + $t(this).html() + “
” + $t(this).html() + “ ” + $t(this).html() + “
Product Cisco Bug ID Fixed Release Availability
Cisco WebEx Meetings Server Release 1.x CSCvb85516 2.7MR2 (25-Nov-2016)
2.5MR6 (8-Dec-2016)
2.0MR9 (15-Dec-2016)
Cisco WebEx Meetings Server Release 2.x CSCvb85516 2.7MR2 (25-Nov-2016)
2.5MR6 (8-Dec-2016)
2.0MR9 (15-Dec-2016)
Cisco Jabber Guest CSCvb85719 11.0 (30-Nov-2016)
Cisco Visual Quality Experience Server CSCvb85616 Affected versions have been updated.
Cisco Visual Quality Experience Tools Server CSCvb85616 Affected versions have been updated.
Cisco Policy Suite CSCvb96355
Cisco Prime Access Registrar CSCvb85559 7.2.1 (Dec. 2016)
Cisco Prime Collaboration Provisioning CSCvb85571 12.1 (23-Feb-2017)
Cisco Prime Data Center Network Manager CSCvb85528 10.1.2 (15-Nov-2016)
Cisco Prime Service Catalog Virtual Appliance CSCvb85607
Cisco Videoscape Distribution Suite Service Manager CSCvb85583 3.4.0 (25- Nov-2016)
Cisco Application Policy Infrastructure Controller (APIC) CSCvb85529 2.2.1 (15-Jan-2017)
Cisco Connected Grid Routers – Running Cisco CG-OS Software CSCvb85526 15.6(3)M1 (25-Nov-2016)
Cisco MITG RHEL OS CSCvb94748
Cisco Nexus 9000 Series Fabric Switches – ACI mode CSCvb85531
Cisco onePK All-in-One Virtual Machine CSCvb85633 No fix is expected. Use Update Manager Tool in Ubuntu to keep software up to date.
Cisco Common Services Platform Collector CSCvb85487 Fix is currently available.
Cisco UCS Director CSCvb87054 6.0.1 (23-Nov-2016)
Cisco DX Series IP Phones CSCvb85725
Cisco IP Interoperability and Collaboration System (IPICS) CSCvb85609 Affected versions will be updated (11-Nov-2016)
Cisco Paging Server (InformaCast) CSCvb85713 11.5.2.1 (25-Nov-2016)
Cisco Paging Server CSCvb85713 11.5.2.1 (25-Nov-2016)
Cisco 4300 Series Digital Media Players CSCvb85587 5.3.6RB4 (15-Nov-2016)
5.4.1(RB4) (15-Nov-2016)
Cisco 4400 Series Digital Media Players CSCvb85587 5.3.6RB4 (15-Nov-2016)
5.4.1(RB4) (15-Nov-2016)
Cisco Cloud Object Storage CSCvb85613 4.2.0 (30-Mar-2017)
Cisco DCM Series D990x Digital Content Manager CSCvb85547 19.10.0 ( 22-Dec-2016)
Cisco Edge 300 Digital Media Player CSCvb85669 1.6RB5 (25-Nov-2016)
Cisco Edge 340 Digital Media Player CSCvb85671 1.2RB1.03 (25-Nov-2016)
Cisco Expressway Series CSCvb85606 X8.9 (5-Dec-2016)
Cisco MXE 3500 Series Media Experience Engines CSCvb85595 3.5.2 (4-Nov-2016)
Cisco TelePresence Video Communication Server (VCS) CSCvb85606 X8.9 (5-Dec-2016)
Cisco VDS Recorder CSCvb85610 4.6.0 (31-Mar-2017)
Cisco VDS-TV Caching Nodes CSCvb85610 4.6.0 (31-Mar-2017)
Cisco VDS-TV Streamer CSCvb85610 4.6.0 (31-Mar-2017)
Cisco VDS-TV Vault CSCvb85610 4.6.0 (31-Mar-2017)
Cisco Video Surveillance Media Server CSCvb85647 7.9 (23-Nov-2016)
Cisco Videoscape Distribution Suite Transparent Caching CSCvb85679
Cisco Videoscape Distribution Suite Video Recording CSCvb85614 4.2.0 (30-Mar-2017)
Cisco Mobility Services Engine CSCvb85564 8.0.150.0 (31-Dec-2016)
Cisco Prime Network Change and Configuration Management CSCvb85490
Cisco Smart Net Total Care – OnPrem CSCvb89698 1.1.1 (14-Nov-2016)

Products noted below as “not vulnerable” may still run an affected software version. However, Cisco’s application of the software in these products does not include the features that would enable an exploit.

Collaboration and Social Media

  • Cisco Meeting Server
  • Cisco SocialMiner
  • Cisco Unified MeetingPlace
  • Cisco WebEx Node for MCS

Endpoint Clients and Client Software

  • Cisco Agent for OpenFlow
  • Cisco AnyConnect Secure Mobility Client for Desktop Platforms
  • Cisco Jabber Client Framework (JCF) Components
  • Cisco Jabber Software Development Kit
  • Cisco Jabber for Android
  • Cisco Jabber for Mac
  • Cisco Jabber for Windows
  • Cisco WebEx Meetings for Android

Network Application, Service, and Acceleration

  • Cisco ACE 4710 Application Control Engine – Running Software Release A5
  • Cisco ACE10 and ACE20 Application Control Engines
  • Cisco ACE30 Application Control Engine Module
  • Cisco Application and Content Networking System (ACNS)
  • Cisco Extensible Network Controller (XNC)
  • Cisco Nexus Data Broker

Network and Content Security Devices

  • Cisco ASA Next-Generation Firewall Services
  • Cisco Adaptive Security Appliance (ASA) Software
  • Cisco Clean Access Manager
  • Cisco Content Security Appliance Update Servers
  • Cisco Content Security Management Appliance (SMA)
  • Cisco Email Security Appliance (ESA)
  • Cisco FireSIGHT System Software
  • Cisco Identity Services Engine (ISE)
  • Cisco Intrusion Prevention System (IPS) Solutions
  • Cisco NAC Appliance – Clean Access Server
  • Cisco NAC Guest Server
  • Cisco Physical Access Gateways
  • Cisco Physical Access Manager
  • Cisco Secure Access Control System (ACS)
  • Cisco Virtual Security Gateway for Microsoft Hyper-V
  • Cisco Web Security Appliance (WSA)

Network Management and Provisioning

  • Cisco Application Networking Manager
  • Cisco Configuration Professional
  • Cisco Digital Media Manager
  • Cisco Evolved Programmable Network Manager
  • Cisco Insight Reporter
  • Cisco Management Appliance
  • Cisco Multicast Manager
  • Cisco NetFlow Generation Appliance
  • Cisco Network Analysis Module
  • Cisco Packet Tracer
  • Cisco Prime Central for Service Providers
  • Cisco Prime Home
  • Cisco Prime IP Express
  • Cisco Prime Infrastructure
  • Cisco Prime LAN Management Solution – Solaris
  • Cisco Prime LAN Management Solution
  • Cisco Prime License Manager
  • Cisco Prime Network Registrar IP Address Manager (IPAM)
  • Cisco Prime Network Registrar
  • Cisco Prime Network Services Controller
  • Cisco Prime Network
  • Cisco Prime Optical for Service Providers
  • Cisco Prime Performance Manager
  • Cisco Security Manager
  • Cisco Smart Net Total Care – Local Collector appliance
  • Cisco UCS Central Software
  • Cisco Unified Intelligence Center

Routing and Switching – Enterprise and Service Provider

  • Cisco 910 Industrial Router
  • Cisco ASR 5000 Series
  • Cisco ASR 9000 (eXR)
  • Cisco ASR 9000 Series Aggregated Services Router Virtualized Services Module
  • Cisco ASR 9000 Series Integrated Service Modules
  • Cisco Broadband Access Center for Telco and Wireless
  • Cisco CRS Carrier Grade Services Engine CRS-CGSE-PLIM Module
  • Cisco CRS Carrier Grade Services Engine CRS-CGSE-PLUS Module
  • Cisco IOS Software
  • Cisco IOS XE Software Release 16.2.x
  • Cisco IOS XE Software for ASR903, ASR1000, CSR1000V, and ISR4400 Routers
  • Cisco IOS XE Software
  • Cisco IOS XR Software (Cisco ASR9K, CRS and C12K running QNX Neutrino operating system)
  • Cisco IOS XR Software for Cisco Network Convergence System 6000 Series Routers
  • Cisco IOS XR Software for Network Convergence System 4000 Series Routers
  • Cisco MDS 9000 Series Multilayer Switches
  • Cisco NCS1000
  • Cisco NCS5000
  • Cisco NCS5500
  • Cisco Nexus 1000V InterCloud
  • Cisco Nexus 1000V Series Switches
  • Cisco Nexus 3000 Series Switches
  • Cisco Nexus 4000 Series Blade Switches
  • Cisco Nexus 5000 Series Switches
  • Cisco Nexus 6000 Series Switches
  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 9000 Series Switches – Standalone, NX-OS mode
  • Cisco ONS 15454 Series Multiservice Provisioning Platforms
  • Cisco Service Control Operating System
  • Cisco XRv 9000

Routing and Switching – Small Business

  • Cisco 220 Series Smart Plus (Sx220) Switches
  • Cisco 500 Series Stackable (Sx500) Managed Switches
  • Cisco Small Business 300 Series (Sx300) Managed Switches

Unified Computing

  • Cisco UCS 6200 Series Fabric Interconnects
  • Cisco UCS 6200 Series and 6300 Series Fabric Interconnects
  • Cisco UCS Accelerated Deployment Assistant
  • Cisco UCS E-Series Servers
  • Cisco UCS Manager
  • Cisco UCS Standalone C-Series Rack Server – Integrated Management Controller

Voice and Unified Communications Devices

  • Cisco Agent Desktop for Cisco Unified Contact Center Express
  • Cisco Agent Desktop
  • Cisco ATA 187 Analog Telephone Adaptor
  • Cisco ATA 190 Series Analog Terminal Adapters
  • Cisco Computer Telephony Integration Object Server (CTIOS)
  • Cisco Emergency Responder
  • Cisco H.323 Signaling Interface
  • Cisco Hosted Collaboration Mediation Fulfillment
  • Cisco IP 7800 Series Phones
  • Cisco IP 8800 Series Phones – VPN feature
  • Cisco Jabber for iPhone and iPad
  • Cisco MediaSense
  • Cisco Packaged Contact Center Enterprise
  • Cisco SPA112 2-Port Phone Adapter
  • Cisco SPA122 Analog Telephone Adapter (ATA) with Router
  • Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA)
  • Cisco SPA51x IP Phones
  • Cisco SPA525G 5-Line IP Phone
  • Cisco Small Business SPA300 Series IP Phones
  • Cisco Small Business SPA500 Series IP Phones
  • Cisco UC Integration for Microsoft Lync
  • Cisco Unified Attendant Console Advanced
  • Cisco Unified Attendant Console Business Edition
  • Cisco Unified Attendant Console Department Edition
  • Cisco Unified Attendant Console Enterprise Edition
  • Cisco Unified Attendant Console Premium Edition
  • Cisco Unified Attendant Console Standard
  • Cisco Unified Communications Domain Manager
  • Cisco Unified Communications Manager IM & Presence Service (formerly CUPS)
  • Cisco Unified Communications Manager Session Management Edition
  • Cisco Unified Communications Manager
  • Cisco Unified Contact Center Enterprise – Live Data server
  • Cisco Unified Contact Center Enterprise
  • Cisco Unified Contact Center Express
  • Cisco Unified IP 6901 Phone
  • Cisco Unified IP 6945 Phone
  • Cisco Unified IP 7900 Series Phones
  • Cisco Unified IP 8831 Conference Phone for
    Third-Party Call Control
  • Cisco Unified IP 8961 Phone
  • Cisco Unified IP 9951 Phone
  • Cisco Unified IP 9971 Phone
  • Cisco Unified Intelligent Contact Management Enterprise
  • Cisco Unified SIP Proxy Software
  • Cisco Unified Wireless IP Phone
  • Cisco Unified Workforce Optimization
  • Cisco Unity Connection
  • Cisco Unity Express
  • Cisco Universal Small Cell RAN Management System
  • Cisco Virtualization Experience Media Edition
  • Cisco Virtualized Voice Browser

Video, Streaming, TelePresence, and Transcoding Devices

  • Cisco D9859 Advanced Receiver Transcoder
  • Cisco Enterprise Content Delivery System (ECDS)
  • Cisco Show and Share
  • Cisco TelePresence Conductor
  • Cisco TelePresence Content Server
  • Cisco TelePresence Exchange System
  • Cisco TelePresence ISDN Gateway 3241
  • Cisco TelePresence ISDN Gateway MSE 8321
  • Cisco TelePresence ISDN Link
  • Cisco TelePresence MCU 4200 Series, 4500 Series, 5300 Series, MSE 8420, and MSE 8510
  • Cisco TelePresence MX Series
  • Cisco TelePresence Profile Series
  • Cisco TelePresence SX Series
  • Cisco TelePresence Serial Gateway Series
  • Cisco TelePresence Server 7010 and MSE 8710
  • Cisco TelePresence Server on Multiparty Media 310 and 320
  • Cisco TelePresence Server on Multiparty Media 820
  • Cisco TelePresence Server on Virtual Machine
  • Cisco TelePresence Supervisor MSE 8050
  • Cisco TelePresence System 1000
  • Cisco TelePresence System 1100
  • Cisco TelePresence System 1300
  • Cisco TelePresence System 3000 Series
  • Cisco TelePresence System 500-32
  • Cisco TelePresence System 500-37
  • Cisco TelePresence System EX Series
  • Cisco TelePresence System TX1310
  • Cisco TelePresence TX9000 Series
  • Cisco Telepresence Integrator C Series
  • Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)
  • Cisco Video Surveillance 3000 Series IP Cameras
  • Cisco Video Surveillance 4000 Series High-Definition IP Cameras
  • Cisco Video Surveillance 4300E and 4500E High-Definition IP Cameras
  • Cisco Video Surveillance 6000 Series IP Cameras
  • Cisco Video Surveillance 7000 Series IP Cameras
  • Cisco Video Surveillance PTZ IP Cameras
  • Cisco Videoscape AnyRes Live
  • Cisco Videoscape Control Suite
  • Tandberg Codian ISDN Gateway 3210, 3220, and 3240
  • Tandberg Codian MSE 8320

Wireless

  • Cisco Aironet 2700 Series Access Points
  • Cisco Wireless LAN Controller

Cisco Hosted Services

  • Cisco Cloud Email Security
  • Cisco Cloud Services
  • Cisco Cloud Web Security
  • Cisco Connected Analytics for Collaboration
  • Cisco Data Center Analytics Framework UCS Collector
  • Cisco Feature Analytics Service
  • Cisco IOS XE Software for ASR903, ASR1000, CSR1000V, and ISR4400
  • Cisco Network Performance Analysis
  • Cisco ONE Portal
  • Cisco Partner Support Service 1.x
  • Cisco Proactive Network Operations Center
  • Cisco Registered Envelope Service
  • Cisco Service Lifecycle Information Manager (SLIM)
  • Cisco Services Provisioning Platform
  • Cisco Smart Care
  • Cisco Smart Net Total Care – Smart Interactions
  • Cisco Universal Small Cell 5000 Series – Running Release 3.4.2.x
  • Cisco Universal Small Cell 7000 Series – Running Release 3.4.2.x
  • Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem – Releases 2.99.4 and later
  • Cisco WebEx Meeting Center
  • Cisco WebEx Messenger Service
  • Network Health Framework
  • Services Analytics Platform

No other Cisco products are currently known to be affected by this vulnerability.

Details

  • Linux Kernel Memory Subsystem Copy-on-Write Privilege Escalation Vulnerability

    A vulnerability in the memory manager functions of the Linux Kernel could allow unauthenticated, local attackers to gain write access to otherwise read-only memory mappings to increase their privileges on the system.

    The vulnerability is due to a race condition in the memory manager functions of the Linux Kernel. An attacker could exploit this vulnerability by racing the madvise (MADV_DONTNEED) system call. An exploit could allow the attacker to gain write access to otherwise read-only memory mappings. A local user could modify on-disk binaries, bypassing the standard permission mechanisms.


Workarounds

  • Any available workarounds are documented in the Cisco bugs for each affected product, which are given in the Vulnerable Products table and also accessible from the Cisco Bug Search Tool.

Fixed Software

  • Cisco will release free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
    http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html

    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):
    http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory against Cisco Products.

Source

  • This vulnerability was publicly disclosed by the Linux Foundation on October 19, 2016.