Your review has been sent successfully

Cisco Updates

2572
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Warning Date

Severity Level

Warning Number

Target Sector

5 March, 2020

● Medium

2020-987

All

Description

Cisco has released a security updates to address multiple vulnerabilities in the following products:

  • Cisco ESA and Cisco Cloud Email Security
    • Release 13.0.0-392 and earlier
  • Cisco WSA
    • Release 12.0.1-268 and earlier
  • Cisco SMA
    • Releases earlier than 13.6.0
  • Cisco AsyncOS Software for Cisco ESA
    • Releases 13.0.0 and earlier.
  • Cisco IOS XR Software
    • Releases prior to 6.4.3, 6.6.3, 7.0.2 and 7.1.1
    • the IPsec process ipsec_mp or ipsec_pp running. Both IPsec processes are running in Cisco IOS XR Software by default. Cisco ISE
    • Releases 2.7 and earlier
  • Cisco Prime Collaboration Provisioning
    • Releases 12.6 SU1 and earlier.
  • Cisco Prime Collaboration Provisioning
    • Releases 12.6 SU1 and earlier.
  • Remote PHY 120:
    • Earlier than Release 7.7
  • Remote PHY 220:
    • all releases
  • Remote PHY Shelf 7200:
    • all releases
  • Cisco TMS
    • Releases 15.9.0 and earlier.
  • Cisco Webex Meetings Client for MacOS
    • Releases 40.1.8.5 and earlier.
  • Cisco Webex Meetings — All Webex Network Recording Player and Webex Player
    • Releases earlier than Release WBS 39.5.17 or WBS 39.11.0
  • Cisco Webex Meetings Online — All Webex Network Recording Player and Webex Player
    • Releases earlier than Release 1.3.49
  • Cisco Webex Meetings Server — All Webex Network Recording Player
    • Releases earlier than Release 3.0MR3SecurityPatch1 and 4.0MR2SecurityPatch2
  • Cisco Prime Network Registrar
    • Releases earlier than 10.1.
  • Cisco Intelligent Proximity application
  • Cisco Jabber
  • Cisco Webex Meetings
  • Cisco Webex Teams
  • Cisco Meeting App

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • obtain details about the operating system
  • Execute arbitrary code
  • Arbitrary commands as the root user
  • Gain access to sensitive information.
  • Cross-site request forgery (CSRF( remotely.

Best practice and Recommendations:

The CERT team encourages users to review Dell security advisory and apply the necessary update:

Last updated at 5 March, 2020

Rate the content

rate-icon
up icon