Cisco Updates
2286Warning Date
Severity Level
Warning Number
Target Sector
22 July, 2021
● Medium
2021-3238
All
Description:
Cisco has released security updates to address multiple vulnerabilities in the following products:
- Cisco Intersight Virtual Appliance
- Releases earlier than the first fixed release for IPv4 traffic
- Releases 1.0.9-184 to the first fixed release for IPv6 traffic
- Earlier than Release 1.0.9-292
- Cisco SD-WAN vManage Software
- Cisco FDM On-Box Software
- Cisco Unified CVP
- Release 12.5(1)
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Denial of service (DoS)
- Cross-site scripting (XSS)
- Information disclosure
- Privilege Escalation
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review Cisco security advisory and apply the necessary updates:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-xss-yvE6L8Zq
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-rce-Rx6vVurq
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-infdis-LggOP9sE
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8