Security Warnings

Classification
These posts contain security warnings, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Cisco Updates

Warning Date: 19 November, 2020

Severity Level: High

Warning Number: 2020-2094

Target Sector: All

Description:

Cisco has released security updates to address several vulnerabilities in the following products:

  • Cisco Webex Meetings
  • Cisco IMC
  • 5000 Series Enterprise Network Compute System (ENCS) Platforms
  • UCS C-Series Rack Servers in standalone mode
  • UCS E-Series Servers
  • UCS S-Series Servers in standalone mode
  • Cisco DNA Spaces Connector software
    • Release 2.2 and prior
  • Cisco IoT FND
    • Releases earlier than Release 4.6.1
  • Cisco AsyncOS for the Secure Web Appliance, both virtual and hardware appliances.
  • Cisco Telepresence CE Software
  • Cisco RoomOS Software
  • Cisco Expressway Series
  • Cisco TelePresence Video Communication Server (VCS)
    • Running a software release earlier than Release X12.6.3

Threats:

An attacker could exploit these vulnerabilities to do the following:

  • Join a Webex meeting as a "ghost user", invisible to others on the participant list, but with full access to audio, video, chats, and screen sharing.
  • Remain in a Webex meeting as a ghost audio user even after being expelled from it.
  • Obtain information on meeting participants, such as full names, email addresses, and IP addresses. This information could also be obtained from the meeting room lobby, even before the attacker was admitted to a call.
  • Execute code with root privileges
  • Escalate privileges to root
  • Inject code with root privileges
  • Perform cross-site scripting (XSS)
  • Exploit improper input validation
  • Obtain sensitive information

Best Practices and Recommendations:

Cisco Webex Meetings:

To update the affected versions for the rest of the products, please check the details below:

Last updated on 19 November, 2020