The official site for Saudi CERT
Cisco Updates
2314
Warning Date
Severity Level
Warning Number
Target Sector
5 March, 2020
● Medium
2020-987
All
Description
Cisco has released a security updates to address multiple vulnerabilities in the following products:
- Cisco ESA and Cisco Cloud Email Security
- Release 13.0.0-392 and earlier
- Cisco WSA
- Release 12.0.1-268 and earlier
- Cisco SMA
- Releases earlier than 13.6.0
- Cisco AsyncOS Software for Cisco ESA
- Releases 13.0.0 and earlier.
- Cisco IOS XR Software
- Releases prior to 6.4.3, 6.6.3, 7.0.2 and 7.1.1
- the IPsec process ipsec_mp or ipsec_pp running. Both IPsec processes are running in Cisco IOS XR Software by default. Cisco ISE
- Releases 2.7 and earlier
- Cisco Prime Collaboration Provisioning
- Releases 12.6 SU1 and earlier.
- Cisco Prime Collaboration Provisioning
- Releases 12.6 SU1 and earlier.
- Remote PHY 120:
- Earlier than Release 7.7
- Remote PHY 220:
- all releases
- Remote PHY Shelf 7200:
- all releases
- Cisco TMS
- Releases 15.9.0 and earlier.
- Cisco Webex Meetings Client for MacOS
- Releases 40.1.8.5 and earlier.
- Cisco Webex Meetings — All Webex Network Recording Player and Webex Player
- Releases earlier than Release WBS 39.5.17 or WBS 39.11.0
- Cisco Webex Meetings Online — All Webex Network Recording Player and Webex Player
- Releases earlier than Release 1.3.49
- Cisco Webex Meetings Server — All Webex Network Recording Player
- Releases earlier than Release 3.0MR3SecurityPatch1 and 4.0MR2SecurityPatch2
- Cisco Prime Network Registrar
- Releases earlier than 10.1.
- Cisco Intelligent Proximity application
- Cisco Jabber
- Cisco Webex Meetings
- Cisco Webex Teams
- Cisco Meeting App
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- obtain details about the operating system
- Execute arbitrary code
- Arbitrary commands as the root user
- Gain access to sensitive information.
- Cross-site request forgery (CSRF( remotely.
Best practice and Recommendations:
The CERT team encourages users to review Dell security advisory and apply the necessary update:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cont-sec-gui-dos-nJ625dXb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-resource-exhaust-D7RQAhnD
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipsec-dos-q8UPX6m
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-BR7nEDjG
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prim-collab-disclo-FAnX4DKB
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-collab-xss-RjRCe9n7
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rphy-cmdinject-DpEjeTgF
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tms-xss-4VXKdLO
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-disc-OHqg982
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-csrf-WWTrDkyL
Rate the content
Share the page
