The official site for Saudi CERT
Cisco Updates
4117
Warning Date
Severity Level
Warning Number
Target Sector
5 November, 2020
● High
2020-2017
All
Description:
Cisco has released security updates to address several vulnerabilities in the following products:
- Cisco IOS XR 64-bit
- Cisco IOS XE Software
- Releases 17.2.1 and earlier
- Webex Meetings
- Webex Teams web-based interface
- Webex Board if they were running a Cisco TelePresence CE Software release earlier than Release 9.14.3
- Webex Desk Pro if they were running a Cisco TelePresence CE Software release earlier than Release 9.14.3
- Webex Room Series if they were running a Cisco TelePresence CE Software release earlier than Release 9.14.3
- SD-WAN Software
- SD-WAN vBond Orchestrator Software
- SD-WAN vEdge Cloud Routers
- SD-WAN vEdge Routers
- SD-WAN vManage Software
- SD-WAN vSmart Controller Software
- IOS XE SD-WAN Software
- Releases 16.12.2r and earlier
- Cisco IP Phones
- IP DECT 210 Multi-Cell Base Station with Multiplatform Firmware
- IP DECT 6825 with Multiplatform Firmware
- IP Phone 8811 Series with Multiplatform Firmware
- IP Phone 8841 Series with Multiplatform Firmware
- IP Phone 8851 Series with Multiplatform Firmware
- IP Phone 8861 Series with Multiplatform Firmware
- Unified IP Conference Phone 8831 for Third-Party Call Control
- Webex Room Phone
- Cisco AnyConnect Secure Mobility Client Software
- Linux
- MacOS
- Windows
- Cisco ISE
- Cisco Unified CM IM&P
- Release 12.5(1)SU3
- Cisco ESA
- Releases earlier than Release 13.5.2.
- Cisco Edge Fog Fabric
- Releases earlier than Release 1.7.4.
- Cisco UCS C-Series Servers that were running Cisco Integrated Management Controller
- Releases 4.0(4h)C and earlier.
- Cisco AnyConnect Secure Mobility Client for Windows
- Releases earlier than Release 4.9.03047.
- Cisco IMC
- Releases earlier than Release 3.0(3e).
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Code execution
- Denial of service attack (DoS)
- Privileges escalation
- Bypass of a protection mechanism
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review Cisco security advisory and apply the necessary updates:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmxss2-NL4KSSVR
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxsshi-9KHEqRpM
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxss2-ugJyqxWF
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxss1-XhJCymBt
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx2-KpFVSUc
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanuafw-ZHkdGGEy
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanpt2-FqLuefsS
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-privilege-zPmMf73k
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-file-Y2JSRNRb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tele-info-DrEGLpDQ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxs-pkjCmq9d
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-euRCwX9
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-fNZX8hHj
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cedge-filt-bypass-Y6wZMqm4
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-file-read-LsvDD6Uh
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CIMC-CIV-pKDBe9x5
Rate the content
Share the page
