Security Warnings

Your review has been sent successfully
Classification
These posts contain security warnings, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Cisco Updates

235

Warning Date: 10 November, 2019

Severity Level ● High

Warning Number: 2019-605

Target Sector: All

Description:

Cisco has released security updates to address multiple vulnerabilities in the following products:

  • Cisco Industrial Network Director (IND) 1.7.1-45 and later
  • TelePresence Collaboration Endpoint (CE) earlier than 9.8.1
  • Cisco AsyncOS Software for Cisco Web Security Appliance (WSA)
  • Cisco Small Business SPA500 Series IP Phones 7.6.2SR5 and earlier
  • Cisco RoomOS Software earlier than RoomOS September Drop 1 2019
  • Cisco Web Security Appliance (WSA) earlier than 11.8.0-332
  • Cisco Prime Infrastructure (PI) prior to 3.4.2, 3.5.1, 3.6.0 Update 02
  • Cisco Evolved Programmable Network Manager (EPNM) prior to 3.0.2
  • Cisco Small Business RV Series Routers firmware earlier than 4.2.3.10
  • Cisco Webex Network Recording Player for Microsoft Windows
  • Cisco Webex Player for Microsoft Windows
  • Cisco Webex Meetings earlier than 39.7.0
  • Cisco Wireless LAN Controller Software Release 8.4 and later, and earlier than 8.10

Threats:

Remote attacker could exploit these vulnerabilities by doing the following:

  • Cross-site scripting (XSS) attack.
  • Enable audio recording without notifying users.
  • Denial of service attack (DoS).
  • Privilege escalation.
  • Execute arbitrary code as a root.

Best practice and Recommendations:

The CERT team encourages users to review Cisco security advisory and apply the necessary updates: https://tools.cisco.com/security/center/publicationListing.x

Last updated at 24 December, 2019

Rate the content

rate-icon