Saturday, October 21, 2017

Tag: secure

The popular open source API framework Swagger lets developers describe, produce, and consume RESTful web services using a human-friendly authoring format.

But a vulnerability that could result in code execution because of unexpected user input is a sobering reminder to developers to never, ever, trust user input. Swagger defines a standard, language-agnostic interface to REST APIs by allowing people and computers to discover and understand what a web service can do without having to dig through the original source code, documentation, or network traffic packets.
Swagger's code generators let developers easily access APIs and produce client-server code, but a problem arises when the generators are fed malicious input.

Because Swagger's generators and parsers don't verify input when generating code, a maliciously-crafted Swagger document can result in remote code execution, Rapid7 said in a blog post disclosing the vulnerability. "On the client side, a vulnerability exists in trusting a malicious Swagger document to create any generated code base locally, most often in the form of a dynamically generated API client," Rapid7 said. "On the server side, a vulnerability exists in a service that consumes Swagger to dynamically generate and serve API clients, server mocks and testing specs." Attackers can inject parameters in Swagger JSON or YAML files to dynamically build HTTP API clients or servers in Node.js, PHP, Ruby, and Java with embedded arbitrary code.

The potential attack scenario works similarly to specially-crafted Word or PDF documents booby-trapped with malicious executable code.
In this case, an application parsing the malicious Swagger document could result in a script being executed on the web server.

An attacker could potentially steal keys or certificates, or change application functionality. Rapid7 recommended developers inspect Swagger documents for "language-specific escape sequences" until a patch is available.

The blog post has examples of injectable parameters.
Strings within keys inside the 'paths' object of a Swagger document can be written to generate executable Node.js or Java.
Strings within the 'description' object in the definitions section of a Swagger document can inject comments and inline PHP code, and strings in 'description' and 'title' of a Swagger document can be used in unison to terminate block comments and inject inline Ruby code.

Rapid7 disclosed the vulnerability to the Swagger API team in April, and to the Computer Emergency Response Team in May.

Even after Rapid7 shared a proposed patch addressing the flaw with CERT, which is now available on GitHub, there was no response from the maintainers. Rapid7 researchers publicly disclosed details of the flaw, along with a Metasploit module, this week.

In the absence of fixes to the Swagger specification, which the Linux Foundation's Open API Initiative is built on, developers have to make sure they are sanitizing all input. Mitigations include properly escaping parameters before injecting, and having sanitization efforts in place to ensure the context of trust for an API specification. "For example, using double brackets {{ instead of {{{ for handlebar templates will usually prevent many types of injection attacks that involve single or double quote termination," the blog post said. There are other examples, such as enforcing single-line for commented variables and sanitizing ' & " in variables before unescaped insertion.
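One way to carry out the inspection Rapid7 recommends before a Swagger document reaches a code generator, as an added example (not code from Rapid7 or the Swagger project). The pattern lists, function names and the sample document are assumptions constructed for illustration, and the patterns are not exhaustive.

```python
import json
import re

# Patterns grouped by the context a generator places the value in.
# Illustrative only (assumption): extend per target language and template.
STRING_LITERAL = {
    "quote": re.compile(r"['\"`]"),
    "backslash": re.compile(r"\\"),
    "line-break": re.compile(r"[\r\n]"),
}
COMMENT = {
    # C-style delimiters, plus Ruby's =begin/=end block comments.
    "block-comment-delimiter": re.compile(r"\*/|/\*|^=(?:begin|end)\b", re.M),
    "php-tag": re.compile(r"<\?|\?>"),
    "line-break": re.compile(r"[\r\n]"),
}


def iter_fields(doc):
    """Yield (location, value, rules) for the fields the article names:
    keys of 'paths', and every 'description' / 'title' string."""
    for key in doc.get("paths", {}):
        yield f"$.paths[{json.dumps(key)}]", key, STRING_LITERAL

    def walk(node, where):
        if isinstance(node, dict):
            for k, v in node.items():
                here = f"{where}.{k}"
                if k in ("description", "title") and isinstance(v, str):
                    yield here, v, COMMENT
                else:
                    yield from walk(v, here)
        elif isinstance(node, list):
            for i, v in enumerate(node):
                yield from walk(v, f"{where}[{i}]")

    yield from walk(doc, "$")


def inspect(doc):
    """Return (location, rule) pairs that need review before code generation."""
    findings = []
    for where, value, rules in iter_fields(doc):
        for name, pattern in rules.items():
            if pattern.search(value):
                findings.append((where, name))
    return findings


def single_line_comment(value):
    """Make a value safe to place inside a generated comment: collapse it to
    one line and break up comment delimiters and PHP tags."""
    flat = " ".join(value.split())
    flat = flat.replace("*/", "* /").replace("/*", "/ *")
    flat = flat.replace("<?", "< ?").replace("?>", "? >")
    if flat.startswith(("=begin", "=end")):
        flat = " " + flat  # Ruby block markers only count at column 0
    return flat


# Constructed sample document; the markers are inert and exist only to
# trigger each rule.
SAMPLE = json.loads(r'''
{
  "swagger": "2.0",
  "info": {"title": "Pet API", "description": "Demo */ marker"},
  "paths": {
    "/pets": {"get": {"description": "List pets",
                      "responses": {"200": {"description": "ok"}}}},
    "/pets/'quoted": {"get": {"responses": {"200": {"description": "ok"}}}}
  },
  "definitions": {
    "Pet": {"type": "object", "description": "A pet\nsecond line ?> tail"}
  }
}
''')

if __name__ == "__main__":
    for where, rule in inspect(SAMPLE):
        print(f"{rule:24} {where}")
```

A finding is a prompt to review or reject the document, not proof of malice: multi-line descriptions are common in legitimate specifications, which is why the comment sanitizer collapses them instead of refusing them.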

Developers are encouraged to use sanitization tools like the OWASP ESAPI.

"Our disclosure on the issues with generated Swagger code is an ultimately positive wake up call to the developers behind it, and I'm sure that they'll be producing some decent documentation on how to avoid getting caught out by unexpected user input going forward," said Tod Beardsley, principal research manager at Rapid7. In the patch discussion on GitHub, swagger-codegen has used a "security" tag for the first time on their issue tracker, "a significant milestone of security maturity for the project," Beardsley said. "There's a lot of engagement on Scott Davis's proposed patches now, and I'm sure the other maintainers will be taking note."

Secure programming is hard, as it runs counter to the normal development mantra of build and ship first, fix later.
If developers had to wait till the code was perfect, the product would never ship, but developers need to incorporate basic tenets to protect the application.
In this case, it's always sanitize user input. "'Thou shalt not trust user input' is a basic secure programming commandment, and it's probably the one most violated," Beardsley said. It's understandable that developers don't have a breaker mindset when working with the specification.
Swagger, designed to make API documentation and adoption easier, is targeted squarely at professional developers.
It's a tool "for, and by, makers, and generally, it's used by trustworthy parties who are behaving themselves and not trying to poison each other," Beardsley said. That said, someone can be malicious on the internet, and being smart and secure is the best defense.

There have been a number of vulnerabilities related to not sanitizing user inputs, such as the deserialization flaw affecting the Apache Commons library. While individual commercial products have fixed the issue in their code, the actual library remains vulnerable. The more formats these applications support, the more chances there are of slipping in some unchecked user input. "A toolset like this which consumes and produces code in an array of languages is going to have a much higher attack surface, and more chances for security bugs than most projects," Beardsley said.

Waiting for the fix can be a long wait, and developers shouldn't count on libraries and APIs to be sanitizing input.

Assume input can be bad, and make the appropriate checks accordingly.

A vulnerability in the handling of remote TCP connections in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to low memory.

The vulnerability is due to the handling of out-of-order, or otherwise invalid, TCP packets on a remote connection to an affected device. An attacker could exploit this vulnerability by connecting to the device and then sending crafted TCP packets that are out of order or have invalid flags. An exploit could allow the attacker to cause the device to report low-memory warnings, which could in turn cause a partial DoS condition. This vulnerability was initially found for Secure Shell Host (SSH) remote connections, but it could also affect other remote connections to the device.

Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr

Security Update for Netlogon (3167691)

Published: June 14, 2016
Version: 1.0

This security update resolves a vulnerability in Microsoft Windows.

The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.

This security update is rated Important for all supported editions of Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

For more information, see the Affected Software and Vulnerability Severity Ratings section.

The update addresses the vulnerability by modifying how Netlogon handles the establishment of secure channels.

For more information about the vulnerability, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3167691.

The following software versions or editions are affected.
Versions or editions that are not listed are either past their support life cycle or are not affected.

To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability.

For information regarding the likelihood, within 30 days of this security bulletin’s release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the June bulletin summary.

[1] This update is available via Windows Update only.

* The Updates Replaced column shows only the latest update in a chain of superseded updates.

For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is on the Package Details tab).

Why is security update 3161561 in this bulletin also denoted in MS16-075?

Security update 3161561 is also denoted in MS16-075 for supported releases of Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 due to the way fixes for vulnerabilities affecting particular products are consolidated.

Because bulletins are broken out by the vulnerabilities being addressed, not by the update package being released, it is possible for separate bulletins, each addressing distinctly different vulnerabilities, to list the same update package as the vehicle for providing their respective fixes.

This is frequently the case with cumulative updates for products, such as Internet Explorer or Silverlight, where singular security updates address different security vulnerabilities in separate bulletins.

Note: Users do not need to install identical security updates that ship with multiple bulletins more than once.

Windows Netlogon Memory Corruption Remote Code Execution - CVE-2016-3228

This security update resolves a vulnerability in Microsoft Windows.

The vulnerability could allow remote code execution when Windows improperly handles objects in memory.

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

To exploit the vulnerability, a domain-authenticated attacker could make a specially crafted NetLogon request to a domain controller. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This update corrects how Windows handles objects in memory to prevent corruption.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability Title: Windows Netlogon Memory Corruption Remote Code Execution Vulnerability
CVE number: CVE-2016-3228
Publicly disclosed: No
Exploited: No

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.
See Acknowledgments for more information.

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages.
Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

V1.0 (June 14, 2016): Bulletin published. Page generated 2016-06-15 10:31-07:00.

Norbain is pleased to announce the addition of new BioConnect biometric products to the Norbain product portfolio.

BioConnect is on a ‘Quest for Rightful Identity’ seeking to empower people to authenticate with credentials that are completely unique to them, such as their face, eyes, voice, heartbeat or fingerprint throughout their everyday lives. Through their partnership with the global leader in biometric security, Suprema, BioConnect supports the implementation of Suprema's devices and IP access control solutions with sales, consulting and technical support. New products include:

BioConnect Identity Platform

BioConnect began the build of their identity platform seven years ago to fundamentally change how people access applications and processes in both the physical and digital world.

The platform enables the suite of Suprema biometric readers to integrate with the leading access control systems around the globe.

This provides a new opportunity for biometrics in both retrofit and legacy systems for access control.

Suprema BioStation A2 and L2

Suprema BioStation A2 and BioStation L2 are the newest biometric terminals from Suprema.

Born from real customer needs in the market place, BioStation A2 is a secure biometric product with extremely high performance and reliability. Designed for all types of time-attendance applications, BioStation L2 provides exceptional value by combining the world’s best Suprema fingerprint algorithm with high performance and enhanced security features.

Both products feature Suprema’s newest fingerprint algorithm and OP5 sensor building on the superior quality of the Suprema product line.

BioConnect TeamWorks

BioConnect TeamWorks is a cloud-based application that boasts time & attendance, absence management, and payroll integrations.

The application allows executive staff to have visibility and gain insights into their workforce from anywhere, at any time, while the biometric integration provides identity assurance and visibility into hours worked.

“In the past, biometrics were perceived strictly as products for ‘high security’ environments, but we’re seeing use cases that stretch far beyond that, to provide identity assurance, security and convenience to markets such as education, data centres and in enterprise settings,” said Founder and CEO Rob Douglas. “Our partnership with Norbain facilitates great relationships with key accounts in these markets."

BioConnect, Suprema and Norbain will all be at IFSEC at ExCeL London from 21st-23rd June.
See the solutions mentioned above at Suprema/BioConnect stand E4100 or speak with Norbain at stand D1300.

Secure Cloudlink eliminates the need for passwords, safeguarding organisations from cyber attack, security breaches, support costs and software license abuse

A new, patented cloud services brokerage (CSB) solution providing secure identity management and cloud services distribution has been launched, designed specifically to eliminate the need for passwords. The solution from British cloud security software company Secure Cloudlink Ltd – Secure Cloudlink – supports three factor, SSO (single sign on) and biometric user authentication but, unlike other solutions in the market, does not store, send or replicate any user credentials outside of an organisation’s directory service. Secure Cloudlink acts as a secure, centralised user authentication and application to manage all users' access rights to all authorised applications without the need to create and manage internal domains.

Brian Keats, CEO, Secure Cloudlink Ltd, stated: “Passwords are quickly evolving into an untenable means of authentication because of their fundamental security vulnerabilities.

That evolution is being accelerated by the dramatic shift to mobile computing and the ever-rising tide of data breaches. We identified the need for a fundamentally new way of anonymous authentication bypassing the vulnerabilities that exist because of the inherent properties of passwords being human-accessible shared secrets.” “It’s impossible to use the same password everywhere because different sites insist on different password formats.

Even if it were possible, it wouldn’t be sensible.
So we tend to use many different passwords and then forget which password to use for what, so resort to using similar passwords and never changing them, or to writing them down.

Either way, security is compromised.” According to Gartner in its report ‘Design IT Self Service for the Business Consumer’ “password resets account for as much as 40 per cent of IT service desk contact value.”[1] Designed from the ground up with security in mind Secure Cloudlink’s Cloud Services Brokerage platform overcomes identity security issues associated with passwords by the inclusion of a unique and patented token passing technology.

This advanced authentication method requires no user credentials to be stored separately or outside of the directory service, dramatically reducing the risk of a cyber breach and costs associated with password reminders.

“This usability problem has got worse in recent years through the ubiquity of smaller keyboards such as those on mobile devices, more complex requirements for “password strength” at many sites, and the introduction of one-time-passcodes as a second factor “secret” that forces the users to type not one, but two passcodes every time they authenticate,” continued Brian. “Although some organisations are investing in technology to automate password resets to reduce the number of calls, user credentials still persist, exposing the organisation to the threat of cyber attack.

At SCL our approach is to eliminate the passwords and streamline the granting of access to applications, IT resources and on-line services.” Secure Cloudlink is the only platform that anonymises user identities over the web for secure access to cloud services.
Its unique technology never requires access to or stores user security credentials when connecting internal users, customers and suppliers to web-based applications. The use of Federated Security authentication also means that network users can enjoy seamless and secure access to multiple cloud services without even appearing to have left the corporate network.

With a secure single-sign-on, Secure Cloudlink reduces IT service desk time managing multiple passwords by providing users with a single, secure access point for access to their applications via their desktop, tablet or mobile. Users can be provisioned access both at single and group level, and with a bulk upload facility.

Furthermore, Secure Cloudlink provides an environment that allows centralised management access to employees, contractors, suppliers and customers without creating new domains and user accounts in an existing directory. The company has already sold the Secure Cloudlink solution to a number of customers across a diverse range of markets including government, SaaS providers, and financial institutions.
It is a highly applicable solution for any organisation looking to provide a simple, secure yet password free user access to cloud and on-premise applications and services.

[1] Gartner, Design IT Self Service for the Business Consumer, February 19, 2014, Gartner Foundational July 6, 2015

-ENDS-

NOTES TO EDITORS

About Secure Cloudlink

Secure Cloudlink – no passwords

Secure Cloudlink is a patented cloud services brokerage (CSB) solution providing both secure identity management and cloud services distribution which uniquely eliminates the use of passwords. Unlike other user authentication solutions, Secure Cloudlink does not store, transmit or replicate user credentials ‘behind the scenes’, removing the security risks, frustrations, system and cost overheads associated with issuing and maintaining passwords. Including biometric user interfaces, multi-factor authentication and single sign on (SSO) capabilities, Secure Cloudlink is a highly cost competitive, secure, and centrally managed access solution to on-premise and SaaS applications including financial services, Microsoft Office 365 and Mimecast.

For further information please go to http://www.securecloudlink.com/

Contacts

Rob Gaskin
Secure Cloudlink Ltd
T: +44 (0)1372 888 660
E: rob.gaskin@securecloudlink.com

Beau Bass/Nick Bird (media enquiries)
Spreckley
Tel: 0044 (0)207 388 9988
Email: securecloudlink@spreckley.co.uk

Commissioned by Nok Nok Labs, the White Paper evaluates key privacy implications of processing biometric data; comparing the benefits and risks of on-device and on-server matching for biometric authentication

London, UK – May 12, 2016 – Nok Nok Labs, an innovator in modern authentication and a founding member of the FIDO (Fast IDentity Online) Alliance, today published a White Paper from PwC Legal comparing key privacy implications of on-device and on-server matching of biometric data.

For organisations considering biometrics as they move away from reliance on usernames and passwords, the report highlights why device-side matching of biometric data is a compelling approach to satisfy key privacy requirements on cross-border personal data transfers, as well as providing the benefits of individual choice and control around such personal data. Biometric data is considered to be sensitive personal data and some jurisdictions have already specifically referenced it in privacy guidance and legislation.

This paper emphasises key privacy considerations, sets out the implications of processing biometric data in the EU, Switzerland, Canada, USA and the Asia-Pacific region, and touches on best practice recommendations in these jurisdictions.

“Biometric authentication and verification can be one of the most secure ways to control access to restricted systems and information,” said Stewart Room, partner at PwC Legal. “Unlike authentication based on traditional passwords, authentication through biometric data is easier to use in practice, and can be far more secure.

“However, this is a double-edged sword, because biometric data is extremely sensitive due to its uniqueness and how intrinsic it is to a specific individual.

Additional efforts must be made to keep this data secure including choosing a proper compliance system and infrastructure, training staff how to handle it and protecting it from unauthorised access or disclosure.”

Other key findings in the White Paper include:

- Freely given, informed user consent is required before processing biometric data in almost every jurisdiction covered in the White Paper
- With centralised storage of biometric data, the potential for large-scale loss of data is significantly increased
- On-device authentication will generally avoid international cross-border biometric data transfer implications. Conversely, on-server authentication for a global network of biometric users results in international transfers of data; transfer of personal data, including biometric data, out of a jurisdiction is generally restricted

“Biometrics are a compelling way to improve mobile application usability and avoid the security pitfalls of username/passwords, but significant privacy concerns come into play,” said Phillip Dunkelberger, President & CEO of Nok Nok Labs. “With biometrics, it is crucial to understand the difference between on-device and on-server matching, as the difference between the two approaches significantly affects the risk and exposure of data in a breach.

The on-device approach, as used by Nok Nok Labs technology, ensures optimal privacy for biometric information.”

The full report can be found here: https://go.noknok.com/PwCLegal-Biometric-WP.html.

# # #

About PwC Legal

At PwC Legal we combine legal advice with the expertise of professionals in Tax, Accounting and HRS to provide our clients with commercial solutions to the most complex business issues. We're a network of 2,500 legal experts in over 85 countries committed to delivering an exceptional service to clients and experience for our people.

The white paper has been prepared by PwC Legal LLP upon request by Nok Nok Labs, Inc, and does not constitute legal advice.

About Nok Nok Labs

Nok Nok Labs provides organisations with the ability to bring a unified approach to deploy easy to use and secure authentication infrastructure to their mobile and web applications, using standards-based solutions that include support for FIDO and other specifications.

The Nok Nok S3 Authentication Suite enables organisations to accelerate revenues, reduce fraud, and strengthen security and privacy. Nok Nok Labs is a founding member of the FIDO Alliance with industry leading customers and partners that include NTT DOCOMO, PayPal, Alipay, Samsung and Lenovo.

For more information, visit www.noknok.com. Nok Nok Labs, Nok Nok and NNL are all trademarks of Nok Nok Labs, Inc.

FIDO is a trademark of the Fast IDentity (FIDO) Online Alliance.

Media contacts for Nok Nok Labs

Lindsey Challis or Gemma White
Nok Nok Labs team at Finn Partners
+44 020 3217 7060
NNL@finnpartners.com

Tom Rice
Nok Nok Labs team at Merritt Group
+1 703-856-2218
NNLPR@merrittgrp.com

Product | Cisco Bug ID | Fixed Release Availability
Cisco MeetingPlace | CSCuz52556 | CWMS 2.7 (Available)
Cisco SocialMiner | CSCuz63938 | 11.5.1 (Available)
Cisco WebEx Meetings Server versions 1.x | CSCuz52375 | 2.6.1.2109 (Available); 2.7.1.12 (Available)
Cisco WebEx Meetings Server versions 2.x | CSCuz52375 | 2.6.1.2109 (Available); 2.7.1.12 (Available)
Cisco WebEx Node for MCS | CSCuz52370 | 3.12.9.8 (Available)
Cisco Agent for OpenFlow | CSCuz52503 | 2.1.5 (N3K/N9K) (Available); 2.0.7 (N7K) (Available); 2.0.7 (cat3k/cat4k) (Available)
Cisco AnyConnect Secure Mobility Client for Android | CSCuz52506 | 4.3 for Windows, Linux, OS X (10-JUN-2016); 4.2 for Windows, Linux, OS X (16-JUN-2016); 4.0 for Android, iOS (30-JUN-2016)
Cisco AnyConnect Secure Mobility Client for Android | CSCuz52507 | 4.3 for Windows, Linux, OS X (Available); 4.2 for Windows, Linux, OS X (Available); 4.0 for Android, iOS (Available)
Cisco AnyConnect Secure Mobility Client for Linux | CSCuz52506 | 4.3 for Windows, Linux, OS X (10-JUN-2016); 4.2 for Windows, Linux, OS X (16-JUN-2016); 4.0 for Android, iOS (30-JUN-2016)
Cisco AnyConnect Secure Mobility Client for OS X | CSCuz52506 | 4.3 for Windows, Linux, OS X (10-JUN-2016); 4.2 for Windows, Linux, OS X (16-JUN-2016); 4.0 for Android, iOS (30-JUN-2016)
Cisco AnyConnect Secure Mobility Client for Windows | CSCuz52506 | 4.3 for Windows, Linux, OS X (10-JUN-2016); 4.2 for Windows, Linux, OS X (16-JUN-2016); 4.0 for Android, iOS (30-JUN-2016)
Cisco AnyConnect Secure Mobility Client for iOS | CSCuz52506 | 4.3 for Windows, Linux, OS X (10-JUN-2016); 4.2 for Windows, Linux, OS X (16-JUN-2016); 4.0 for Android, iOS (30-JUN-2016)
Cisco Jabber Guest 10.0(2) | CSCuz52554 | 11.0 (Available)
Cisco Jabber Software Development Kit | CSCuz52552 | 11.7 (Available)
Cisco Jabber for Android | CSCuz52568 | 11.6 MR (Available)
Cisco Jabber for Mac | CSCuz52551 | 11.7 (Available)
Cisco Jabber for Windows | CSCuz60563 | 11.6(1) (Available)
Cisco MMP server | CSCuz52380 | 3.10.0 (Available)
Cisco WebEx Meetings Client - Hosted | CSCuz52379 | T31R1SP6 (15-DEC-2016)
Cisco WebEx Meetings Client - On Premises | CSCuz52374 | 2.7.1.12 (Available); 2.6.1.2109 (Available)
Cisco WebEx Meetings for Android | CSCuz52371 | A patch file is available for vulnerable releases
Cisco WebEx Meetings for WP8 | CSCuz52373 | No further releases are planned
WebEx Meetings Server - SSL Gateway | CSCuz52376 | 2.6.1.2109 (Available); 2.7.1.12 (Available)
WebEx Recording Playback Client | CSCuz52378 | T31R1SP6 (DEC-2016)
Cisco ACE 30 Application Control Engine Module | CSCuz52383 | No fix available
Cisco ACE 4710 Application Control Engine (A5) | CSCuz52383 | No fix available
Cisco Application and Content Networking System (ACNS) | CSCuz52468 | 5.5.41 (31-JUL-2016)
Cisco InTracer | CSCuz52350 | Product is EOL so no fix is expected.
Cisco Network Admission Control (NAC) | CSCuz52469 | No fix available
Cisco Visual Quality Experience Server | CSCuz52466 | 3.11(3.1) (Available)
Cisco Visual Quality Experience Tools Server | CSCuz52466 | 3.11(3.1) (Available)
Cisco Wide Area Application Services (WAAS) | CSCuz52481 | 5.5.7 (30-JUN-2016); 6.2.3 (29-JUL-2016)
Cisco ASA CX and Cisco Prime Security Manager | CSCuz52482 | 9.5.4.3 (30-MAY-2016)
Cisco ASA Next-Generation Firewall Services | CSCuz52479 | R2.1.1 (Available)
Cisco Adaptive Security Appliance (ASA) | CSCuz52474 | All affected systems have been updated.
Cisco Clean Access Manager | CSCuz52470 | No fix available
Cisco Content Security Management Appliance (SMA) | CSCuz52367 | 10.5 (APR-2017)
Cisco FireSIGHT System Software | CSCuz52366 | 6.0.1.2 (27-JUN-2016)
Cisco IPS | CSCuz52508 | No fix available
Cisco Identity Services Engine (ISE) | CSCuz52493 | 2.2.1 (Available)
Cisco Email Security Appliance (ESA) | CSCuz52363 | 11.0 (APR-2017)
Cisco IronPort Encryption Appliance (IEA) | CSCuz52365 | No fix available
Cisco NAC Guest Server | CSCuz52472 | No fix available
Cisco NAC Server | CSCuz52471 | No fix available
Cisco Physical Access Control Gateway | CSCuz52487 |
Cisco Secure Access Control Server (ACS) | CSCuz52504 | 5.8 patch 5 (JUL-2016)
Cisco Secure Access Control System (ACS) | CSCuz52505 | 5.8 patch 5 (Available)
Cisco Virtual Security Gateway for Microsoft Hyper-V | CSCuz52403 | 5.2(1) (20-AUG-2016); VSG2(1.4) (20-AUG-2016)
Cisco Web Security Appliance (WSA) | CSCuz52369 | 10.5 (MAR-2017)
Lancope Stealthwatch SMC | | 6.7.3 End of May 2016; 6.8.0 End of May 2016; 6.8.1 June 2016; 6.8.2 End of Jun 2016
Lancope Stealthwatch FlowCollector NetFlow | | 6.7.3 End of May 2016; 6.8.0 End of May 2016; 6.8.1 June 2016; 6.8.2 End of Jun 2016
Lancope Stealthwatch FlowCollector sFlow | | 6.7.3 End of May 2016; 6.8.0 End of May 2016; 6.8.1 June 2016; 6.8.2 End of Jun 2016
Lancope Stealthwatch FlowSensor | | 6.7.3 End of May 2016; 6.8.0 End of May 2016; 6.8.1 June 2016; 6.8.2 End of Jun 2016
Lancope Stealthwatch UDP Director | | 6.7.3 End of May 2016; 6.8.0 End of May 2016; 6.8.1 June 2016; 6.8.2 End of Jun 2016
Cisco Application Networking Manager | CSCuz52384 | Contact TAC for upgrade options
Cisco Application Policy Infrastructure Controller (APIC) | CSCuz52389 | 11.6 MR (Available)
Cisco Digital Media Manager | CSCuz52441 | 5.3.0 (Available); 5.3.6 (Available); 5.3.6(RB1) (Available); 5.3.6(RB2) (Available); 5.4.0 (Available); 5.4.1 (Available); 5.4.1(RB1) (Available); 5.4.1(RB2) (Available)
Cisco MATE Collector | CSCuz52583 | 6.3.5dev-19-g2329292 (Available); 6.4dev-2206-g9361bc4 (Available); 6.4dev-2250-g50ed411 (Available)
Cisco MATE Design | CSCuz52583 | 6.3.5dev-19-g2329292 (Available); 6.4dev-2206-g9361bc4 (Available); 6.4dev-2250-g50ed411 (Available)
Cisco MATE Live | CSCuz52583 | 6.3.5dev-19-g2329292 (Available); 6.4dev-2206-g9361bc4 (Available); 6.4dev-2250-g50ed411 (Available)
Cisco Management Appliance (MAP) | CSCuz52355 | 0.9.8e (Available); 0.9.8-39.el5_11 (08-JUN-2016)
Cisco Mobile Wireless Transport Manager | CSCuz52431 | No fix expected.
Cisco NetFlow Generation Appliance | CSCuz52426 | Affected systems will be updated (01-AUG-2016)
Cisco Network Analysis Module | CSCuz52423 | 6.3.1 (Available)
Cisco Packet Tracer | CSCuz52451 | 7.0 (Available)
Cisco Policy Suite (CPS) | CSCuz52587 | 10.0 (Available)
Cisco Prime Access Registrar | CSCuz52418 | 7.0.1.7 (JUN-2016); 7.1.x (JUN-2016); 7.2 (SEP-2016)
Cisco Prime Collaboration Assurance | CSCuz52430 | 11.5 SP1 (Aug. 2016)
Cisco Prime Collaboration Deployment | CSCuz52537 | 11.5 (Available)
Cisco Prime Collaboration Provisioning | CSCuz52429 | 11.2 (Available)
Cisco Prime Data Center Network Manager (DCNM) | CSCuz52387 | 10.0(1.28)S0 (Available)
Cisco Prime IP Express | CSCuz52421 |
Cisco Prime Infrastructure Standalone Plug and Play Gateway | CSCuz52424 |
Cisco Prime Infrastructure | CSCuz52425 | 3.1.1 (JUN-2016)
Cisco Prime LAN Management Solution (LMS - Solaris) | CSCuz52413 | No fix is expected.
Cisco Prime License Manager | CSCuz52452 | 11.5 (JUN-2016)
Cisco Prime Network Registrar (CPNR) | CSCuz52415 |
Cisco Prime Network Services Controller | CSCuz52433 | 3.4.2 (AUG-2016)
Cisco Prime Network | CSCuz52408 | Affected systems will be updated (30-Jun-2016)
Cisco Prime Optical for SPs | CSCuz52420 | 10.6 (Available)
Cisco Prime Performance Manager | CSCuz52409 | 1.7.0.6 (30-JUL-2016)
Cisco Prime Security Manager | CSCuz52477 | 9.5.4.3 (Available)
Cisco Security Manager | CSCuz52432 | 4.12 (Available)
Cisco UCS Central | CSCuz52405 | 1.5(1a) (Available)
Cisco Unified Intelligence Center (CUIC) | CSCuz63935 | 11.5.1 (Available)
Local Collector Appliance (LCA) | CSCuz52524 | 2.2.12 (20-MAY-2016)
Cisco ASR 5000 Series | CSCuz52351 | 19.4.0 (30-JUN-2016); 20.2.0 (29-JUL-2016); 21.0.0 (30-SEP-2016)
Cisco Connected Grid Router - CGOS | CSCuz52385 | 15.6.2.15T (5-JUN-2016)
Cisco Connected Grid Router | CSCuz52529 | 15.6.2.15T (05-JUN-2016)
Cisco IOS Software and Cisco IOS-XE Software | CSCuz52528 | 15.4(1)IA1.73 (Available); 15.6(2)T0.1 (Available); 15.6(2.19)T (Available); 16.3(0.232) (Available); 16.4(0.49) (Available)
Cisco IOS-XR | CSCuz52437 | Affected systems will be updated (08-Jun-2016)
Cisco MDS 9000 Series Multilayer Switches | CSCuz52394 | 6.2.17 (MDS) (JUN-2016); 7.3.1DX (N7k and MDS) (AUG-2016); 7.3.1NX (N5k/N6k) (AUG-2016); 8.3 (N3k/N9k) (NOV-2016)
Cisco Nexus 1000V InterCloud | CSCuz52393 | Affected systems will be updated (30-Jun-2016)
Cisco Nexus 1000V Series Switches (ESX) | CSCuz52399 | 5.2(1)SV3(2.1) (30-JUN-2016)
Cisco Nexus 1000V Series Switches | CSCuz52397 | 5.2(1)SV3(2.1) (Available)
Cisco Nexus 3X00 Series Switches | CSCuz52400 | 6.0(2)A8(1) (Available)
Cisco Nexus 4000 Series Blade Switches | CSCuz52512 | 0.9.8zf (Available)
Cisco Nexus 5000 Series Switches | CSCuz52401 | 7.3.1 (Available)
Cisco Nexus 6000 Series Switches | CSCuz52395 | 6.2.17 (MDS) (JUN-2016); 7.3.1DX (N7k and MDS) (AUG-2016); 7.3.1NX (N5k/N6k) (AUG-2016); 8.3 (N3k/N9k) (NOV-2016)
Cisco Nexus 7000 Series Switches | CSCuz52395 | 6.2.17 (MDS) (JUN-2016); 7.3.1DX (N7k and MDS) (AUG-2016); 7.3.1NX (N5k/N6k) (AUG-2016); 8.3 (N3k/N9k) (NOV-2016)
Cisco Nexus 9000 (ACI/Fabric Switch) | CSCuz52391 | 12.0(0.133) (Available)
Cisco Nexus 9000 Series (standalone, running NxOS) | CSCuz52396 | 10.6(3.11002.7)
Cisco ONS 15454 Series Multiservice Provisioning Platforms | CSCuz52486 | 10.6.1 (30-JUN-2016)
Cisco OnePK All-in-One VM | CSCuz52485 | No fix available
Cisco Service Control Operating System | CSCuz52530 | 5.1 (Available); 5.2 (Available)
Cisco Sx220 switches | CSCuz52497 | 1.4.7 (NOV-2016)
Cisco Sx300 switches | CSCuz52500 | 1.4.7 (NOV-2016)
Cisco Sx500 switches | CSCuz52502 | 1.4.7 (NOV-2016)
Cisco Cloupia Unified Infrastructure Controller | CSCuz52386 | 5.5 (Available)
Cisco Common Services Platform Collector | CSCuz52352 | 1.10 (SEPT-2016)
Cisco Standalone rack server CIMC | CSCuz52406 | 2.0(13) (Available)
Cisco Unified Computing System (Management software) | CSCuz52483 | 3.1.2 (AUG-2016)
Cisco Virtual Security Gateway | CSCuz52402 | 5.2(1) (20-AUG-2016); VSG2(1.4) (20-AUG-2016)
Cisco 190 ATA Series Analog Terminal Adaptor | CSCuz52534 | 1.3.0 (APR-2017)
Cisco 8800 Series IP Phones - VPN Feature | CSCuz52565 | 11.5.2 (12-DEC-2016)
Cisco ATA 187 Analog Telephone Adaptor | CSCuz52560 | 9.2.5 (05-APR-2017)
Cisco Agent Desktop for Cisco Unified Contact Center Express | CSCuz52539 | No fix is expected
Cisco Computer Telephony Integration Object Server (CTIOS) | CSCuz52360 | 11.51 (Available)
Cisco DX Series IP Phones | CSCuz52563 | No fix is expected
Cisco Emergency Responder | CSCuz52543 | 11.5 (Available)
Cisco Finesse | CSCuz63940 | 11.5.1 (09-AUG-2016)
Cisco Hosted Collaboration Mediation Fulfillment | CSCuz52547 | 10.6(1.99000.17) (Available); 10.6(1.99000.18) (Available); 10.6(3.11002.7) (Available)
Cisco IM and Presence Service (CUPS) | CSCuz52545 | 11.5 (Available)
Cisco IP Interoperability and Collaboration System (IPICS) | CSCuz52461 | 5.0 (30-AUG-2016)
Cisco Jabber for Apple iOS | CSCuz52550 | 11.7.0 (Available)
Cisco MediaSense | CSCuz52562 | 11.5.1 (Available)
Cisco Paging Server (Informacast) | CSCuz52548 | 11.5.1 (Available)
Cisco Paging Server | CSCuz52548 | 11.5.1
(Available) Cisco SPA112 2-Port Phone Adapter CSCuz52494 1.4.5 (05-OCT-2016) Cisco SPA122 ATA with Router CSCuz52494 1.4.5 (05-OCT-2016) Cisco SPA232D Multi-Line DECT ATA CSCuz52494 1.4.5 (05-OCT-2016) Cisco SPA30X Series IP Phones CSCuz52496 No further releases are planned Cisco SPA50X Series IP Phones CSCuz52496 No further releases are planned Cisco SPA51X Series IP Phones CSCuz52496 No further releases are planned Cisco SPA525G CSCuz52495 7.6.5 (05-APR-2017) Cisco Unified 6901 IP Phones CSCuz52557 9.3(1)SR3 (05-APR-2017) Cisco Unified 6945 IP Phones CSCuz52561 No fix available Cisco Unified 7800 Series IP Phones CSCuz52566 11.5.2 (Available) Cisco Unified 8831 series IP Conference Phone CSCuz52559 79xx: 9.4.2 SR2 (JUN-2016)8831: 10.3.2 (JUL-2016)99xx: 9.4.2SR3 (JUL-2016)8941/45: 9.4.2SR3 (AUG-2016) Cisco Unified 8945 IP Phone CSCuz52558 9.4.2SR3 (Available) Cisco Unified 8961 IP Phone CSCuz52546 9.4.2SR3 (Available) Cisco Unified 9951 IP Phone CSCuz52546 9.4.2SR3 (Available) Cisco Unified 9971 IP Phone CSCuz52546 9.4.2SR3 (Available) Cisco Unified Attendant Console Advanced CSCuz52532 11.5.1 (Available) Cisco Unified Attendant Console Business Edition CSCuz52532 11.5.1 (Available) Cisco Unified Attendant Console Department Edition CSCuz52532 11.5.1 (Available) Cisco Unified Attendant Console Enterprise Edition CSCuz52532 11.5.1 (Available) Cisco Unified Attendant Console Premium Edition CSCuz52532 11.5.1 (Available) Cisco Unified Attendant Console Standard CSCuz52533 11.5.1 (Available) Cisco Unified Communications Manager (UCM) CSCuz52535 11.5 (Available) Cisco Unified Communications Manager Session Management Edition (SME) CSCuz52535 11.5 (Available) Cisco Unified Communications for Microsoft Lync CSCuz52541 11.6(0.39070) (Available) Cisco Unified Contact Center Enterprise CSCuz52360 11.51 (Available) Cisco Unified Contact Center Express - Live Data Server CSCuz63936 Cisco Unified Contact Center Express CSCuz63939 11.5.1 (Available) Cisco Unified IP Conference 
Phone 8831 for Third-Party Call Control CSCuz52320 No further releases are planned. Cisco Unified IP Phone 7900 Series CSCuz52567 No fix available Cisco Unified Intelligent Contact Management Enterprise CSCuz52360 11.51 (Available) Cisco Unified Sip Proxy CSCuz52349 CUSP 10.0 (Sept. 2016) Cisco Unified Wireless IP Phone CSCuz52573 1.5.1 (05-APR-2017) Cisco Unified Workforce Optimization Quality Management CSCuz52571 11.0 SR3 ES5 (30-JUN-2016) Cisco Unified Workforce Optimization CSCuz52572 11.0 SR3 ES5 (Available) Cisco Unity Connection (UC) CSCuz52538 11.5 (Available) Cisco Unity Express CSCuz52348 10.0 (JAN-2017) Cisco Virtualization Experience Media Engine CSCuz52570 11.7(0) (Available)11.5.1 (Available) Cisco AnyRes Live (CAL) CSCuz52522 9.4.5 (30-JUN-2016) Cisco DCM Series 9900-Digital Content Manager CSCuz52407 19.0.0 (Available) Cisco Digital Media Players (DMP) 4300 Series CSCuz52440 "5.4(1)RB(2P11) (Available)5.3(6) RB(2P8) (Available)" Cisco Digital Media Players (DMP) 4400 Series CSCuz52440 "5.4(1)RB(2P11) (Available)5.3(6) RB(2P8) (Available)" Cisco Edge 300 Digital Media Player CSCuz52514 1.6RB4_5 (29-JUN-2016) Cisco Edge 340 Digital Media Player CSCuz52515 1.2.0.20 (23-JUN-2016) Cisco Enterprise Content Delivery System (ECDS) CSCuz52442 2.6.8 (Available) Cisco Expressway Series CSCuz55590 8.8 (Available) Cisco Internet Streamer (CDS) CSCuz52465 4.3.2 (JUN-2016) Cisco Media Experience Engines (MXE) CSCuz52449 3.5.2 (Available) Cisco Media Services Interface CSCuz52438 No fix is expected Cisco Show and Share (SnS) CSCuz52454 No fixes are expected. 
Cisco TelePresence 1310 CSCuz52531 "6.1.13 (15-JAN-2016)1.10.16 (15-JAN-2016)1.9.12 (15-JAN-2016)" Cisco TelePresence Conductor CSCuz52439 4.3 (Available) Cisco TelePresence Content Server (TCS) CSCuz52456 7.2 (Available) Cisco TelePresence EX Series CSCuz52455 7.3.7(SEP-2016)8.2.0 (JUL-2016) Cisco TelePresence ISDN GW 3241 CSCuz52444 2.2(113) (Available) Cisco TelePresence ISDN GW MSE 8321 CSCuz52444 2.2(113) (Available) Cisco TelePresence ISDN Link CSCuz52446 1.1.6 (Available) Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) CSCuz52447 4.5(1.86) (NOV-2016) Cisco TelePresence MX Series CSCuz52455 7.3.7(SEP-2016)8.2.0 (JUL-2016) Cisco TelePresence Profile Series CSCuz52455 7.3.7(SEP-2016)8.2.0 (JUL-2016) Cisco TelePresence SX Series CSCuz52455 7.3.7(SEP-2016)8.2.0 (JUL-2016) Cisco TelePresence Serial Gateway Series CSCuz52453 No fix is planned Cisco TelePresence Server 8710, 7010 CSCuz52458 4.2 MR2 (Available)4.4 (Available) Cisco TelePresence Server on Multiparty Media 310, 320 CSCuz52458 4.2 MR2 (Available)4.4 (Available) Cisco TelePresence Server on Virtual Machine CSCuz52458 4.2 MR2 (Available)4.4 (Available) Cisco TelePresence Supervisor MSE 8050 CSCuz52448 2.3(1.50) (Available) Cisco TelePresence System 1000 CSCuz52531 "6.1.13 (15-JAN-2016)1.10.16 (15-JAN-2016)1.9.12 (15-JAN-2016)" Cisco TelePresence System 1100 CSCuz52531 "6.1.13 (15-JAN-2016)1.10.16 (15-JAN-2016)1.9.12 (15-JAN-2016)" Cisco TelePresence System 1300 CSCuz52531 "6.1.13 (15-JAN-2016)1.10.16 (15-JAN-2016)1.9.12 (15-JAN-2016)" Cisco TelePresence System 3000 Series CSCuz52531 "6.1.13 (15-JAN-2016)1.10.16 (15-JAN-2016)1.9.12 (15-JAN-2016)" Cisco TelePresence System 500-32 CSCuz52531 "6.1.13 (15-JAN-2016)1.10.16 (15-JAN-2016)1.9.12 (15-JAN-2016)" Cisco TelePresence System 500-37 CSCuz52531 "6.1.13 (15-JAN-2016)1.10.16 (15-JAN-2016)1.9.12 (15-JAN-2016)" Cisco TelePresence TX 9000 Series CSCuz52531 "6.1.13 (15-JAN-2016)1.10.16 (15-JAN-2016)1.9.12 (15-JAN-2016)" Cisco TelePresence Video 
Communication Server (VCS) CSCuz55590 8.8 (Available) Cisco Telepresence Integrator C Series CSCuz52455 7.3.7(SEP-2016)8.2.0 (JUL-2016) Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) CSCuz52464 4.3.2 (JUN-2016) Cisco Video Surveillance 3000 Series IP Cameras CSCuz52490 2.8(0.297) (Available) Cisco Video Surveillance 3000 Series IP Cameras CSCuz52491 2.8(0.297) (Available) Cisco Video Surveillance 4000 Series High-Definition IP Cameras CSCuz52488 2.4(6.309) (Available) Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras CSCuz52489 3.2.8 (MAY-2016) Cisco Video Surveillance 6000 Series IP Cameras CSCuz52490 2.8(0.297) (Available) Cisco Video Surveillance 6000 Series IP Cameras CSCuz52491 2.8(0.297) (Available) Cisco Video Surveillance 7000 Series IP Cameras CSCuz52490 2.8(0.297) (Available) Cisco Video Surveillance 7000 Series IP Cameras CSCuz52491 2.8(0.297) (Available) Cisco Video Surveillance Media Server CSCuz52492 7.9 (DEC-2016) Cisco Video Surveillance PTZ IP Cameras CSCuz52490 2.8(0.297) (Available) Cisco Video Surveillance PTZ IP Cameras CSCuz52491 2.8(0.297) (Available) Cisco Videoscape Control Suite CSCuz52462 Affected systems will be updated (30-Jun-2016) Cloud Object Store (COS) CSCuz52463 3.8 (Available) Tandberg Codian ISDN GW 3210/3220/3240 CSCuz52444 2.2(113) (Available) Tandberg Codian MSE 8320 model CSCuz52444 2.2(113) (Available) Cisco Aironet 2700 Series Access Point CSCuz52410 Cisco Mobility Services Engine (MSE) CSCuz52422 8.0 (Available) Cisco Wireless Control System CSCuz73565 No fix expected. Cisco Wireless LAN Controller (WLC) CSCuz52435 8.0 MR4 (NOV-2016)8.2 MR1 (JUL-2016)8.3 (JUN-2016) Cisco Connected Analytics For Collaboration CSCuz52356 1.0.1q (29-Jul-2016) Cisco Intelligent Automation for Cloud CSCuz52460 0.9.8 (Available) Cisco Proactive Network Operations Center CSCuz52354 3.0.19 (SEP-2016) Cisco Registered Envelope Service (CRES) CSCuz52362 Affected systems have been updated. 
Cisco Smart Care CSCuz52473 Cisco Universal Small Cell 5000 Series running V3.4.2.x software CSCuz52520 3.5.12.21 (30-JUN-2016) Cisco Universal Small Cell 7000 Series running V3.4.2.x software CSCuz52520 3.5.12.21 (30-JUN-2016) Cisco WebEx Meeting Center CSCuz52382 3.9.0.5 (25-MAY-2016)3.9.1 (25-MAY-2016) Cisco WebEx Messenger Service CSCuz52377 Affected systems have been updated Network Health Framework (NHF) CSCuz52525 No further releases are planned Network Performance Analytics (NPA) CSCuz52526 No further releases are planned Services Analytic Platform CSCuz52357 Affected versions will be updated (30-Jul-2016)
Product | Defect | Fixed releases availability
Cisco SocialMiner | CSCux41444 |
Cisco WebEx Meetings Server versions 1.x | CSCux41312 | 2.5MR6 (Available); 2.6MR1 (28-Jan-2016)
Cisco WebEx Meetings Server versions 2.x | CSCux41312 | 2.5MR6 (Available); 2.6MR1 (28-Jan-20...
Product | Defect | Fixed releases availability
Cisco WebEx Meetings Server versions 1.x | CSCuu82698 | 2.0.1.915 and later
Cisco WebEx Meetings Server versions 2.x | CSCuu82698 | 2.0.1.915 and later
Cisco WebEx Node for MCS | CSCuu82686 | 3.12.9.1 (July 2015)
Cisco WebEx Social | CSCuu82594 | No additional releases are planned.
Cisco Agent for OpenFlow | CSCuu82738 | 4.002 (TBD)
Cisco AnyConnect Secure Mobility Client for Android | CSCuu83398 | A patch will be available July 2015.
Cisco AnyConnect Secure Mobility Client for Linux | CSCuu83398 | A patch will be available July 2015.
Cisco AnyConnect Secure Mobility Client for Windows | CSCuu83398 | A patch will be available July 2015.
Cisco AnyConnect Secure Mobility Client for iOS | CSCuu83398 | A patch will be available July 2015.
Cisco Jabber Guest 10.0(2) | CSCuu83421 | 10.7 (TBD)
Cisco Jabber Software Development Kit | CSCuu82560 | 11.0(0) (26-Aug-2015)
Cisco Jabber for Android | CSCuu83433 | 11.0 (TBD)
Cisco Jabber for Mac | CSCuu82558 | 11.0(1) (TBD)
Cisco Jabber for Windows | CSCuu82561 | 11.0 (July 2015)
Cisco Jabber for iOS | CSCuu82555 | 11.0 (Aug. 2015)
Cisco WebEx Meetings Client - Hosted | CSCuu83331 | Affected systems have been updated.
Cisco WebEx Meetings Client - On-Premises | CSCuu82694 | Affected systems have been updated.
Cisco WebEx Meetings for Android | CSCuu82689 | 8.5 (Sept. 2015)
WebEx Meetings Server - SSL Gateway | CSCuu82699 | 2.6 (TBD)
WebEx Recording Playback Client | CSCuu82702 | Affected systems have been updated.
Cisco ACE 30 Application Control Engine Module | CSCuu82343 | Affected systems have been updated.
Cisco ACE 4710 Application Control Engine (A5) | CSCuu82343 | Affected systems have been updated.
Cisco Application and Content Networking System (ACNS) | CSCuu82717 | 5.5.41 (Oct. 2015)
Cisco InTracer | CSCuu83316 | 16.4.0 (TBD)
Cisco Network Admission Control (NAC) | CSCuu83378 | A patch will be available for vulnerable releases Oct. 2015.
Cisco Visual Quality Experience Server | CSCuu83371 | 3.10.3 (24-July-2015); 3.9.6 (31-July-2015); 3.8.7 (7-Aug-2015)
Cisco Visual Quality Experience Tools Server | CSCuu83371 | 3.10.3 (24-July-2015); 3.9.6 (31-July-2015); 3.8.7 (7-Aug-2015)
Cisco Wide Area Application Services (WAAS) | CSCuu82735 | 5.5.5 (7-Aug-2015); 6.1.0 (Sept. 2015)
Cisco ASA CX and Cisco Prime Security Manager | CSCuu82737 | Affected systems will be updated 31-July-2015.
Cisco Adaptive Security Appliance (ASA) | CSCuu83280 | 9.2.4.1
Cisco Content Security Appliance Updater Servers | CSCuu83328 | 2.0.3 (TBD)
Cisco Content Security Management Appliance (SMA) | CSCuu82683 | Affected systems will be updated by 30-Jun-2015.
Cisco Email Security Appliance (ESA) | CSCuu82678 | TBD
Cisco FireSIGHT System Software | CSCuu82682 | 5.3.0.7 (14-Sept-2015); 5.3.1.6 (14-Sept-2015); 5.4.0.4 (14-Sept-2015); 5.4.1.3 (14-Sept-2015)
Cisco IPS | CSCuu82497 | Cisco IPS 7.1.11 (TBD); Cisco IPS 7.3.5 (TBD)
Cisco Identity Services Engine (ISE) | CSCuu83386 | 1.4 (Oct 2015); 2.0 (Oct 2015)
Cisco IronPort Encryption Appliance (IEA) | CSCuu82681 | No additional releases are planned.
Cisco NAC Guest Server | CSCuu82729 | No additional releases are planned.
Cisco NAC Server | CSCuu82725 | A patch will be available for vulnerable releases Oct. 2015.
Cisco Physical Access Control Gateway | CSCuu82476 | 1.5.4 (15-Aug-2015)
Cisco Secure Access Control Server (ACS) | CSCuu82493 | 5.008 (TBD)
Cisco Web Security Appliance (WSA) | CSCuv84060 | 9.0.0 (TBD)
Cisco Application Networking Manager | CSCuu82344 | ANM OVA 5.2.7 (TBD)
Cisco Cloupia Unified Infrastructure Controller | CSCuu83341 | 5.3.2.0 (30-Jul-2015); 5.4.0.0 (30-Oct-2015)
Cisco MATE Collector | CSCuv32694 | 6.2.1(Aug/Sept 2015); 6.1.4 (Aug/Sept 2015)
Cisco MATE Design | CSCuv32694 | 6.2.1(Aug/Sept 2015); 6.1.4 (Aug/Sept 2015)
Cisco MATE Live | CSCuv32694 | 6.2.1(Aug/Sept 2015); 6.1.4 (Aug/Sept 2015)
Cisco Mobile Wireless Transport Manager | CSCuu83361 | 6.001(10-July-2015)
Cisco Multicast Manager | CSCuu82380 | No additional releases are planned.
Cisco Netflow Collection Agent | CSCuu82404 | 1.1.1 (12-July-2015)
Cisco Network Analysis Module | CSCuu82402 | 6.2.1 (12-July-2015)
Cisco Packet Tracer | CSCuu82441 | 7.0 (24-July-2015)
Cisco Prime Access Registrar | CSCuu82382 | 7.0.1
Cisco Prime Collaboration Assurance | CSCuu82409 | PCA 11.0 (Aug. 2015)
Cisco Prime Collaboration Deployment | CSCuu82533 | 11.5 (TBD)
Cisco Prime Collaboration Provisioning | CSCuu82408 | 11.0 (31-July-2015)
Cisco Prime Data Center Network Manager (DCNM) | CSCuu82350 | Affected systems have been updated.
Cisco Prime Infrastructure Standalone Plug and Play Gateway | CSCuu83360 | 2.2.0.14 (July 2015)
Cisco Prime Infrastructure | CSCuu82403 | 3.0 (Aug. 2015)
Cisco Prime LAN Management Solution (LMS - Solaris) | CSCuu82378 | 4.002(005) (Aug. 2015)
Cisco Prime License Manager | CSCuu82442 | 11.0 (TBD)
Cisco Prime Network Registrar (CPNR) | CSCuu82381 | 8.1.x( TBD); 8.2.x (TBD); 8.3.2 (Sept. 2015)
Cisco Prime Network Registrar IP Address Manager (IPAM) | CSCut84576 | IPAM 8.1.3 OVA
Cisco Prime Network Services Controller | CSCuu82412 | Affected versions have been updated.
Cisco Prime Network | CSCuu82370 | Affected systems have been updated.
Cisco Prime Optical for Service Providers | CSCuu82386 | A patch will be available 25-July-2015.
Cisco Prime Performance Manager | CSCuu82372 | 1.6. (31-July-2015); 1.7 (Sept 2015)
Cisco Prime Security Manager | CSCuu82733 | 9.3.5.1 (July 2015)
Cisco Security Manager | CSCuu82411 | 4.7 SP2CP1 (31-July-2015); 4.8 SP1 (31-July-2015); 4.9 FCS (31-Aug-2015)
Cisco Show and Share (SnS) | CSCuu82449 | 5.6.1 (Aug. 2015)
Cisco UCS Central | CSCuu82364 | 1.4(1a) (Dec. 2015)
Local Collector Appliance (LCA) | CSCuu82760 | 2.2.10 (31-July-2015)
Cisco 910 Industrial Router | CSCuu85190 | 1.2.1 (30-Jun-2015)
Cisco ASR 5000 Series | CSCuu83317 | 20.0 (TBD)
Cisco Application Policy Infrastructure Controller (APIC) | CSCuu83343 | 1.1(2h)1.2(1) (pending)
Cisco Connected Grid Router - CGOS | CSCuu82349 | Please migrate to NXT.
Cisco Connected Grid Router | CSCuu83373 | See CSCuu82763 for fixed releases.
Cisco IOS Software and Cisco IOS XE Software | CSCuu82607 | 15.5(03)S (TBD)
Cisco IOS XE Software (Web UI feature only) | CSCuu82763 | (TBD)
Cisco IOS XR Software | CSCuu83297 | See CSCur26433 for fixed releases.
Cisco MDS 9000 Series Multilayer Switches | CSCuv71201 | 6.2.15 (Dec. 2015)
Cisco Nexus 1000V InterCloud | CSCuu82353 | 3.1.1 (TBD)
Cisco Nexus 1000V Series Switches | CSCuu82360 | N1K 5.2(1)SV3(1.5) (July 2015)
Cisco Nexus 1010 | CSCuu82470 | 5.2(1)SP1(7.4) (Oct. 2015)
Cisco Nexus 3X00 Series Switches | CSCuu82362 | (TBD)
Cisco Nexus 4000 Series Blade Switches | CSCuu82499 | 4.1(2)E1(1p) (31-July-2015)
Cisco Nexus 5000 Series Switches | CSCuu83350 | 7.1(2)N1(1)
Cisco Nexus 6000 Series Switches | CSCuu83350 | 7.1(2)N1(1)
Cisco Nexus 7000 Series Switches | CSCuu82356 | 6.2.14 (15-Aug-2015); 7.2 (30-Sept-2015)
Cisco Nexus 9000 (ACI/Fabric Switch) | CSCuu83344 |
Cisco Nexus 9000 Series (standalone, running NxOS) | CSCuu82359 | 7.0(3)I2(1).(30-Jun-2015)
Cisco ONS 15454 Series Multiservice Provisioning Platforms | CSCuu82475 | 10.52
Cisco OnePK All-in-One VM | CSCuu82474 | Admin update via shell
Cisco Service Control Operating System | CSCuu82515 | 5.2.0 (Sept. 2015)
Cisco RV180W Wireless-N Multifunction VPN Router | CSCuu83390 | No further releases are planned.
Cisco Sx220 Switches | CSCuu83388 | 1.1.x.x (TBD)
Cisco Sx300 Switches | CSCuu83393 | 1.5.x.x (June 2016)
Cisco Sx500 Switches | CSCuu83395 | 1.5..x.x (June 2016)
Cisco Standalone Rack Server CIMC | CSCuu82366 | 2.0.8 (Aug. 2015)
Cisco UCS Invicta Series Solid State Systems | CSCuu82354 | TBD
Cisco Unified Computing System (Management software) | CSCuu83383 | 3.1(0.9)A (Oct. 2015)
Cisco Unified Computing System B-Series Blade Servers | CSCuu83352 | 2.2.7 (Feb. 2016)
Cisco Virtual Security Gateway | CSCuu83351 | 5.2(1)VSG2(1.4) (Aug. 30 2015)
Cisco Virtualization Experience Media Engine | CSCuu83434 | No further releases planned.
Cisco 190 ATA Series Analog Terminal Adaptor | CSCuu82526 | 1.2.2 (June 2016)
Cisco 8800 Series IP Phones - VPN Feature | CSCuu83429 | 11.0 (TBD)
Cisco ATA 187 Analog Telephone Adaptor | CSCuu82570 | 9.2(3) (30-Dec-2015)
Cisco Agent Desktop for Cisco Unified Contact Center Express | CSCuu83413 | 11.0 (Aug. 2015)
Cisco Agent Desktop | CSCuu82330 | 9.5(1) (TBD)
Cisco Computer Telephony Integration Object Server (CTIOS) | CSCuu82335 | 11.0 (TBD)
Cisco DX Series IP Phones | CSCuu82576 | TBD
Cisco Emergency Responder | CSCuu82547 | 11.5 (TBD)
Cisco Finesse | CSCuu83416 |
Cisco Hosted Collaboration Mediation Fulfillment | CSCuu82553 | 10.6.2 (TBD)
Cisco IM and Presence Service (CUPS) | CSCuu82551 | 11.5.0.98000-120 (TBD)
Cisco IP Interoperability and Collaboration System (IPICS) | CSCuu82461 | IPICS 5.0 (Dec. 2015)
Cisco MediaSense | CSCuu82571 | 10.5 (TBD); 11.0 (TBD)
Cisco MeetingPlace | CSCuu82563 | 8.6 (9-July-2015)
Cisco Paging Server (InformaCast) | CSCuu82554 | 11.0.2 (6-July-2015)
Cisco Paging Server | CSCuu82554 | 11.0.2 (6-July-2015)
Cisco SPA112 2-Port Phone Adapter | CSCuu82486 | 1.4.1 (31-Oct-2015)
Cisco SPA122 ATA with Router | CSCuu82486 | 1.4.1 (31-Oct-2015)
Cisco SPA232D Multi-Line DECT ATA | CSCuu82486 | 1.4.1 (31-Oct-2015)
Cisco SPA30X Series IP Phones | CSCuu82490 | 7.6.1 (17-Sept-2015)
Cisco SPA50X Series IP Phones | CSCuu82490 | 7.6.1 (17-Sept-2015)
Cisco SPA51X Series IP Phones | CSCuu82490 | 7.6.1 (17-Sept-2015)
Cisco SPA525G | CSCuu82487 | 7.6.1 (17-Sept-2015)
Cisco SocialMiner | CSCuu82529 | 11.5(1)
Cisco Unified 7800 Series IP Phones | CSCuu82579 | 11.0 (Oct. 2015)
Cisco Unified 8831 Series IP Conference Phone | CSCuu82568 | 10.3.2 (Oct. 2015)
Cisco Unified 8945 IP Phone | CSCuu83426 | TBD
Cisco Unified 8961 IP Phone | CSCuu83419 | 9.4(2) (Feb. 2016)
Cisco Unified 9951 IP Phone | CSCuu83419 | 9.4(2) (Feb. 2016)
Cisco Unified 9971 IP Phone | CSCuu83419 | 9.4(2) (Feb. 2016)
Cisco Unified Attendant Console Advanced | CSCuu82523 | 11.0.1 (19-Aug-2015)
Cisco Unified Attendant Console Business Edition | CSCuu82523 | 11.0.1 (19-Aug-2015)
Cisco Unified Attendant Console Department Edition | CSCuu82523 | 11.0.1 (19-Aug-2015)
Cisco Unified Attendant Console Enterprise Edition | CSCuu82523 | 11.0.1 (19-Aug-2015)
Cisco Unified Attendant Console Premium Edition | CSCuu82523 | 11.0.1 (19-Aug-2015)
Cisco Unified Attendant Console Standard | CSCuu82525 | 11.5(1) (Sept. 2015)
Cisco Unified Communications Domain Manager | CSCuu82540 | Affected systems have been updated.
Cisco Unified Communications Manager (UCM) | CSCuu82530 | 11.5 (TBD)
Cisco Unified Communications Manager Session Management Edition (SME) | CSCuu82530 | 11.5 (TBD)
Cisco Unified Contact Center Enterprise | CSCuu82335 | 11.0 (TBD)
Cisco Unified Contact Center Express | CSCuu82538 | 11.0 (Aug. 2015)
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control | CSCuu82519 | 9.3(5) (31-Dec-2015)
Cisco Unified IP Phone 7900 Series | CSCuu82580 | 9.4(1)SR1.2
Cisco Unified Intelligence Center (CUIC) | CSCuu82332 | 11.5 (May 2016)
Cisco Unified Intelligent Contact Management Enterprise | CSCuu82335 | 11.0 (TBD)
Cisco Unified SIP Proxy | CSCuu82329 | 8.5(x) (June 2016); 9.0.1 (June 2016)
Cisco Unified Wireless IP Phone | CSCuu83436 | 1.4.8 (Dec. 2015)
Cisco Unified Workforce Optimization | CSCuu82595 | 10.5 SR611.0
Cisco Unity Connection | CSCuu83410 | 9.1(2) (TBD); 11.5 (TBD); 10.5(2) (TBD)
Cisco AnyRes Live (CAL) | CSCuu82742 | 9.6 (Aug. 2015)
Cisco D9036 Modular Encoding Platform | CSCuu82746 | 2.4 (Oct. 2015)
Cisco Digital Media Players (DMP) 4300 Series | CSCuu83362 | 5.4(1)RB(2P3) (15-July-2015); 5.3(6)RB(2P3) (15-July-2015)
Cisco Digital Media Players (DMP) 4400 Series | CSCuu83362 | 5.4(1)RB(2P3) (15-July-2015); 5.3(6)RB(2P3) (15-July-2015)
Cisco Edge 300 Digital Media Player | CSCuu82504 | 1.6RB3 (15-July-2015)
Cisco Edge 340 Digital Media Player | CSCuu82505 | 1.2 (15-July-2015)
Cisco Enterprise Content Delivery System (ECDS) | CSCuu83363 | 2.6.5 (31-July-2015)
Cisco Expressway Series | CSCuu82459 | X8.6 (July 2015)
Cisco Headend System Release | CSCuu86854 | 3.0.2
Cisco Internet Streamer (CDS) | CSCuu82713 | 4.2 (TBD)
Cisco Jabber Video for TelePresence (Movi) | CSCuu82436 | No additional releases are planned.
Cisco Media Experience Engines (MXE) | CSCuu83369 | MXE3500 v3.5 (22-Jun-2015)
Cisco Media Services Interface | CSCuu82417 | No additional releases are planned.
Cisco Model D9485 DAVIC QPSK | CSCuu82739 | 1.2.19 (31-Jul-2015)
Cisco TelePresence 1310 | CSCuu82518 |
Cisco TelePresence Advanced Media Gateway Series | CSCuu82419 | No additional releases are planned.
Cisco TelePresence Conductor | CSCuu82420 | X4.0 (27-July-2015)
Cisco TelePresence Content Server (TCS) | CSCuu74320 | 6.3 (21-July-2015)
Cisco TelePresence EX Series | CSCuu82450 | 7.3.3 (19-June-2015)
Cisco TelePresence ISDN GW 3241 | CSCuu82429 | 2.2MR5 (Sept. 2015)
Cisco TelePresence ISDN GW MSE 8321 | CSCuu82429 | 2.2MR5 (Sept. 2015)
Cisco TelePresence ISDN Link | CSCuu82431 | 1.1.6 (Jan. 2016)
Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) | CSCuu82435 | 4.5MR2 (July 2015)
Cisco TelePresence MX Series | CSCuu82450 | 7.3.3 (19-June-2015)
Cisco TelePresence Profile Series | CSCuu82450 | 7.3.3 (19-June-2015)
Cisco TelePresence SX Series | CSCuu82450 | 7.3.3 (19-June-2015)
Cisco TelePresence Serial Gateway Series | CSCuu82447 | 1.0MR5 (Oct. 2015)
Cisco TelePresence Server 8710, 7010 | CSCuu82452 | 4.2 (July 2015)
Cisco TelePresence Server on Multiparty Media 310, 320 | CSCuu82452 | 4.2 (July 2015)
Cisco TelePresence Server on Virtual Machine | CSCuu82452 | 4.2 (July 2015)
Cisco TelePresence Supervisor MSE 8050 | CSCuu82437 | 2.3 (July 2015)
Cisco TelePresence System 1000 | CSCuu82518 |
Cisco TelePresence System 1100 | CSCuu82518 |
Cisco TelePresence System 1300 | CSCuu82518 |
Cisco TelePresence System 3000 Series | CSCuu82518 |
Cisco TelePresence System 500-32 | CSCuu82518 |
Cisco TelePresence System 500-37 | CSCuu82518 |
Cisco TelePresence TX 9000 Series | CSCuu82518 |
Cisco TelePresence Video Communication Server (VCS) | CSCuu82459 | X8.6 (July 2015)
Cisco Telepresence Integrator C Series | CSCuu82450 | 7.3.3 (19-June-2015)
Cisco VEN501 Wireless Access Point | CSCuu82710 | 20.2.48.11 (July 2015)
Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | CSCuu83370 | 4.2 (31-July-2015)
Cisco Video Surveillance 3000 Series IP Cameras | CSCuu82480 | 2.7 (31-Jan-2016)
Cisco Video Surveillance 4000 Series High-Definition IP Cameras | CSCuu82478 | Affected systems will be updated 31-Jan-2016.
Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras | CSCuu82479 | Affected systems will be updated 31-Jan-2016.
Cisco Video Surveillance 6000 Series IP Cameras | CSCuu82480 | 2.7 (31-Jan-2016)
Cisco Video Surveillance 7000 Series IP Cameras | CSCuu82480 | 2.7 (31-Jan-2016)
Cisco Video Surveillance Media Server | CSCuu82481 | 7.7.0 (26-Sept-2015)
Cisco Video Surveillance PTZ IP Cameras | CSCuu82480 | 2.7 (31-Jan-2016)
Cisco Videoscape Control Suite | CSCuu86705 | 3.6 (TBD)
Cloud Object Store (COS) | CSCuu82712 | 2.1.2 (Available); 3.0.1 (24-July-2015)
Tandberg Codian ISDN GW 3210/3220/3240 | CSCuu82429 | 2.2MR5 (Sept. 2015)
Tandberg Codian MSE 8320 Model | CSCuu82429 | 2.2MR5 (Sept. 2015)
Cisco IOS Access Points | CSCuu71585 | See CSCuu82607 for first fixes.
Cisco Mobility Services Engine (MSE) | CSCuu83358 | 8.0 - 8.0.130.0 (15-Oct-2015)
Cisco Wireless LAN Controller (WLC) | CSCuu82416 | 8.2 and previous releases (Nov. 2015)
Cisco Common Services Platform Collector | CSCuu82668 | Affected systems have been updated.
Cisco Connected Analytics For Collaboration | CSCuu82671 | A patch will be available June 30, 2015.
Cisco Intelligent Automation for Cloud | CSCuu82460 | A patch file is available for vulnerable releases.
Cisco Registered Envelope Service (CRES) | CSCuu83326 | 4.4.1 (10-Jun-2015)
Cisco Universal Small Cell 5000 Series running V3.4.2.x software | CSCuu82508 | V3.4.2.24 (July 2015)
Cisco Universal Small Cell 7000 Series running V3.4.2.x software | CSCuu82508 | V3.4.2.24 (July 2015)
Cisco Universal Small Cell CloudBase | CSCuu83403 | TBD
Cisco WebEx Messenger Service | CSCuu82700 | 7.9.8 EP 1 (19-Jun-2015)
Cisco Webex Multimedia Platform | CSCuu83333 | 3.8.3.1
Partner Supporting Service (PSS) 1.x | CSCuu83380 | 2.7 (10-Jul-2015)
Small Cell factory recovery root filesystem V2.99.4 or later | CSCuu83402 | TBD
Google plans to disable support for SSL 3.0 in an upcoming Chrome release. Mozilla has similar intentions.

Google researchers first publicly disclosed a flaw dubbed "POODLE" in the SSL 3.0 protocol on Oct. 14. Though Google made a patch available for servers to help mitigate the risk, one of the best long-term solutions to the flaw is for browser vendors to drop support for SSL 3.0, which is now what Google is pledging to do for its Chrome browser.

The POODLE, or Padding Oracle On Downgraded Legacy Encryption, vulnerability could potentially enable an attacker to access and read encrypted communications. SSL 3.0 is a legacy protocol that has been replaced by the newer TLS 1.2, although many browser and server vendors have still supported SSL 3.0 as a fallback mechanism.

In a mailing list posting, Google developer Adam Langley wrote that for the upcoming Chrome 39 stable release, SSL 3.0 fallback will be disabled. "SSLv3 fallback is only needed to support buggy HTTPS servers," Langley wrote. "Servers that correctly support only SSLv3 will continue to work (for now), but some buggy servers may stop working."

If a user hits a server or online application that doesn't work because of the SSL 3.0 fallback removal, Chrome will show a yellow badge over the lock icon in the browser. By disabling the fallback and showing the yellow warning badge, Google is giving site owners a chance to update their sites before dropping SSL 3.0 entirely. The current plan is for Chrome 40 to completely disable SSL 3.0 support.

Google isn't the only browser vendor to take steps to limit the risk of POODLE. The upcoming Mozilla Firefox 34 release is also set to remove support for SSL 3.0. Microsoft, however, is taking a slightly different tack for its Internet Explorer browser. There is now a "Fix it" tool from Microsoft to disable support for SSL 3.0. When POODLE was first reported on Oct. 14, Microsoft wrote in an advisory that, "considering the attack scenario, this vulnerability is not considered high risk to customers."

Apple has also taken steps to limit its users' exposure to POODLE. In its Mac OS X operating systems, Apple has not entirely blocked SSL 3.0, but rather has disabled the use of CBC, or cipher block chaining, with Secure Sockets Layer (SSL), which is at the root cause of the POODLE flaw.

Though the POODLE flaw was disclosed two weeks ago, to date there have been no public reports of any exploitation as a result of the vulnerability. In contrast, a SQL injection vulnerability reported in the open-source Drupal content management system on Oct. 15 was exploited by attackers within seven hours. The fact that POODLE has not been actively exploited is likely due to a number of factors, including very low usage of SSL 3.0. Mozilla noted when POODLE was first disclosed that SSL 3.0 only accounted for 0.3 percent of all HTTPS connections.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Cyber security is "an important part of the UK's economic plans", which is why it's essential that the issue isn't confined to the IT department, but extends to every individual within all organisations.

That's what Cabinet Office Minister Francis Maude MP said in a speech to the Payments Council Cyber Security Conference, in which he emphasised the importance of cooperation at all levels, be it among the authorities or between employees within a business, in order to ensure the UK is protected against cyber attacks.

Maude is a vocal supporter of using the internet to provide access to public services, previously arguing "if it can be done online, it should only be done online". Nonetheless, he emphasised the importance of being protected against the potential cyber threats that come with being online.

"Cyber security is an important part of our long-term economic plan - because we want the UK to be one of the most secure places in the world to do business," Maude told the audience, arguing that the vastness of the internet and the threats it presents mean there's no scope for any business to work on its own in the fight against cyber crime.

"The internet is too large - and the threat too complex - for any single organisation to respond by itself," he said. "We will only be truly effective when we work together, pool resources, share information and co-ordinate our response," Maude continued, adding: "That's why our law enforcement agencies are working in partnership with their international counterparts."

As an example of this cooperation, Maude detailed how the National Crime Agency (NCA) worked alongside the FBI, Europol, GCHQ and the German Federal Police, along with private firms including BAE Systems Applied Intelligence, Dell SecureWorks and Kaspersky Lab, to take down the notorious Shylock malware.

While the rise of online commerce and different methods of payment represents "good news for businesses and the public alike", Maude said that it's the responsibility of everyone to be attentive to the threats posed by computer hacking and other cyber crime.

"But it does mean we must be vigilant and protect ourselves online and cyber security must not just be an issue for the IT department - it's an issue for the boardroom too," he said, before going on to argue that it's only through cooperation at all levels that cyber crime can truly be fought.

"So my message today is that we must continue to work together. Because only by working together can we share the information and intelligence necessary to combat the threats more effectively," said Maude. "And only by working together can we educate businesses and the public, so that we can mitigate our weaknesses before cyber criminals have an opportunity to exploit them," he continued, adding that this strategy "will help make the UK one of the most secure places in the world to do business".

He continued: "It will help ensure people have confidence in the security of new technologies, so that they can continue to benefit from the many ways in which the digital revolution is transforming our lives."

While Maude emphasised the importance that organisations must place on cyber security, a recent Ernst & Young report claimed most organisations are unprepared for "inevitable" cyber attacks.
Makes it easy to apply the right policies to the correct network segment - without complex configurations
Understand your network and don't rely on VLANs for segmentation
Woking, Surrey: 31/10/2014 - Wick Hill is now shipping the WatchGuard Firebox® M440 UTM/NGFW appliance - https://www.wickhill.com/products/vendors/product/917/WatchGuard-Firebox-M440-Firewall. The Firebox M440 makes it easy to apply the right policies to the correct network segment - without complex configurations. It is the first appliance rich in truly independent ports, removing the need for complex configurations such as VLANs and instantly simplifying the critical process of applying traffic-appropriate policies across multiple network segments - a process that, to date, has often been beyond the technical reach of many IT organizations. Plus, WatchGuard's visibility solution, Dimension™, provides the industry's only real-time, single-pane-of-glass view of the effect each policy is having on that segment's traffic.
Ian Kilpatrick, chairman Wick Hill Group, commented: "WatchGuard has provided two very topical solutions to major security issues for organisations, providing both strong, easy segmentation and clear network activity visibility. These are market-leading solutions solving a real and current problem and we will see strong sales. The M440, with its high port density and competitive pricing, is also ideal for local authorities and other organisations connecting to the PSN."
"Network security solutions are only good if they're not too difficult for IT pros to use," said Dave R. Taylor, vice president of corporate strategy and product management for WatchGuard. "The Firebox M440 makes it drop-dead easy to create segments, map the traffic, create custom policies based on what traffic is in each segment, and instantly see how it affects traffic. 
Applying the appropriate security policies to the correct traffic flows is what truly defines the success of your segmentation strategy and the Firebox M440 takes the configuration complexity out of the process."
Firebox M440
The Firebox M440 incorporates the same strong security, high performance and flexible management tools that distinguish WatchGuard's other UTM and NGFW solutions, but this model delivers especially robust port density with twenty-five 1Gb Ethernet ports and two 10 Gb SFP+ (fiber) ports. Eight of the ports provide Power over Ethernet (PoE), which is ideal for WatchGuard Access Points.
Because it's rich in independent ports, the Firebox M440 is an excellent platform for defining different network segments, which industry experts acknowledge as the best practice for securing and protecting data. WatchGuard makes it easy to define policy and add security services for each segment. The new policy map feature in WatchGuard Dimension™, which comes standard on all M440 appliances, provides excellent visibility to the traffic in each segment.
About Wick Hill
Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions. The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions.
Wick Hill is part of the Wick Hill Group, based in Woking, Surrey with sister offices in Hamburg. Wick Hill is particularly focused on providing a wide range of value added support for its channel partners. This includes a strong lead generation and conversion programme, technical and consultancy support for reseller partners in every stage of the sales process, and extensive training facilities. For more information about Wick Hill, please visit http://www.wickhill.com/company/company-profile or www.twitter.com/wickhill
About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry standard hardware, best-of-breed security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard products are backed by WatchGuard LiveSecurity® Service, an innovative support program. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.
WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.
ENDS
For further press information, please contact Annabelle Brown on 01326 318212, email pr@wickhill.com. For reader queries, contact Wick Hill on 01483 227600. Web http://www.wickhill.com. For pic of Ian Kilpatrick, please contact Annabelle Brown or download from www.wickhill.com/company/press/pictures.
Source: RealWire