Warning Date: 10 November, 2019
Severity Level: High
Warning Number: 2019-605
Target Sector: All
Cisco has released security updates to address multiple vulnerabilities in the following products:
- Cisco Industrial Network Director (IND) 1.7.1-45 and later
- TelePresence Collaboration Endpoint (CE) earlier than 9.8.1
- Cisco AsyncOS Software for Cisco Web Security Appliance (WSA)
- Cisco Small Business SPA500 Series IP Phones 7.6.2SR5 and earlier
- Cisco RoomOS Software earlier than RoomOS September Drop 1 2019
- Cisco Web Security Appliance (WSA) earlier than 11.8.0-332
- Cisco Prime Infrastructure (PI) prior to 3.4.2, 3.5.1, 3.6.0 Update 02
- Cisco Evolved Programmable Network Manager (EPNM) prior to 3.0.2
- Cisco Small Business RV Series Routers firmware earlier than 220.127.116.11
- Cisco Webex Network Recording Player for Microsoft Windows
- Cisco Webex Player for Microsoft Windows
- Cisco Webex Meetings earlier than 39.7.0
- Cisco Wireless LAN Controller Software Release 8.4 and later, and earlier than 8.10
A remote attacker could exploit these vulnerabilities to do the following:
- Conduct a cross-site scripting (XSS) attack.
- Enable audio recording without notifying users.
- Cause a denial of service (DoS).
- Escalate privileges.
- Execute arbitrary code as root.
Best Practices and Recommendations:
The CERT team encourages users to review the Cisco security advisories and apply the necessary updates: https://tools.cisco.com/security/center/publicationListing.x