Cisco Updates

Your review has been sent successfully

Cisco Updates

3338

Classification

Security Alert

● Critical

● High

● Medium

● Low

Warning Date

Severity Level

Warning Number

Target Sector

23 June, 2020

● High

2020-1387

All

Description:

Cisco has released security updates to address multiple vulnerabilities in the following products:

Cisco Webex Meetings sites
- Releases WBS 39.5.25 and earlier
WBS 40.4.10 and earlier
- Releases WBS 40.6.0
Cisco Webex Meetings Server
- Releases 4.0MR3 and earlier
Cisco Webex Meetings Desktop App
- Releases earlier than Release 39.5.12.
Cisco Webex Meetings Desktop App for Windows
- Releases earlier than 40.6.0.
Cisco Webex Meetings Desktop App for Mac
- earlier than Release 39.5.11.
Cisco TelePresence Collaboration Endpoint Software and RoomOS Software
- Releases earlier than May Drop 2 2020.
Cisco Small Business routers and firmware releases:
- RV016 Multi-WAN VPN: 4.2.3.10 and earlier
- RV042 Dual WAN VPN: 4.2.3.10 and earlier
- RV042G Dual Gigabit WAN VPN: 4.2.3.10 and earlier
- RV082 Dual WAN VPN: 4.2.3.10 and earlier
- RV320 Dual Gigabit WAN VPN: 1.5.1.05 and earlier
- RV325 Dual Gigabit WAN VPN: 1.5.1.05 and earlier
Cisco Small Business RV110W Wireless-N VPN Firewall
- 1.2.2.5 and earlier
Cisco Small Business RV130 VPN Router
- 1.0.3.54 and earlier
Cisco Small Business RV130W Wireless-N Multifunction VPN Router
- 1.0.3.54 and earlier
Cisco Small Business RV215W Wireless-N VPN Router
- 1.3.1.5 and earlier
Cisco IOS XR Software Train
- 6.7
  - 6.7.1
- 7.0
  - 7.0.2, 7.0.11, 7.0.12
7.1
- 7.1.1, 7.1.15
Cisco Umbrella
Cisco UCS Director software
- releases earlier than Release 6.7.4.0.
Cisco SSM On-Prem
- Releases earlier than Release 8-202004.
Cisco NSO software releases earlier than
- Release 4.7.7.3 and Release 5.1.4.2.
Cisco Enterprise NFVIS
- Releases earlier than Release 4.1.1.
Cisco AMP for Endpoints (MacOS and Linux)
ClamAV
Cisco ESA
- Releases earlier than Release 13.5.0.

Threats:

a remote attacker could exploit these vulnerabilities by doing the following:

Gain unauthorized access to a vulnerable Webex site remotely
Execute programs on an affected system remotely
Execute arbitrary code remotely
Gain access to sensitive information on an affected system remotely.
Create arbitrary user accounts remotely.
Denial of service (DoS) remotely

Best practice and Recommendations:

The CERT team encourages users to review Cisco security advisory and apply the necessary updates:

Last updated at 23 June, 2020

Cisco Updates

Classification

Most Viewed Warnings