The official site for Saudi CERT
Cisco Updates
2767
Warning Date
Severity Level
Warning Number
Target Sector
2 July, 2020
● Medium
2020-1430
All
Description:
Cisco has released security updates to address multiple vulnerabilities in the following products:
- 250 Series Smart Switches
- 350 Series Managed Switches
- 350X Series Stackable Managed Switches
- 550X Series Stackable Managed Switches
- Small Business 200 Series Smart Switches
- Small Business 300 Series Managed Switches
- Small Business 500 Series Stackable Managed Switches
- Cisco Small Business RV042 and RV042G Routers firmware
- releases earlier than Release 4.2.3.14.
- Cisco ISE
- releases earlier than Release 2.6 Patch 7.
- Cisco DNA Center
- releases earlier than Release 1.2.10.
- Cisco Unified CVP
- releases 12.5(1) and earlier.
- Cisco Unified CM software
- Cisco Unified CM SME software
- Unified Communications Manager (Unified CM)
- Unified Communications Manager Session Management Edition (Unified CM SME)
- Unified Communications Manager IM & Presence Service (Unified CM IM&P)
- Unity Connection
- Cisco AnyConnect Secure Mobility Client for Mac OS
- releases earlier than 4.9.00086.
Threats:
a remote attacker could exploit these vulnerabilities by doing the following:
- Gain unauthorized access to the system remotely
- Remote Cross-site scripting (XSS)
- Gain access to sensitive information on an affected system remotely
- Remote information disclosure
- Files corruption
Best practice and Recommendations:
The CERT team encourages users to review Cisco security advisory and apply the necessary updates:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-6xsCyDYy
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-info-dislosure-NZBEwj9V
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-dos-36s2y3Lv
Rate the content
Share the page
