The official site for Saudi CERT
Cisco Alert
3156
Warning Date
Severity Level
Warning Number
Target Sector
13 December, 2021
● Critical
2021-4030
All
Description:
Cisco has released a security alert regarding Apache Log4j vulnerability in the following products:
- Cisco Webex Meetings Server
- Cisco Advanced Web Security Reporting Application
- Cisco Identity Services Engine (ISE)
- Cisco Registered Envelope Service
- Cisco CloudCenter Suite Admin
- Cisco Crosswork Change Automation
- Cisco Evolved Programmable Network Manager
- Cisco Integrated Management Controller (IMC) Supervisor
- Cisco Intersight Virtual
- Cisco Network Services Orchestrator (NSO)
- Cisco Nexus Dashboard (formerly Cisco Application Services Engine)
- Cisco WAN Automation Engine (WAE)
- Cisco SD-WAN vManage
- Cisco UCS Director
- Cisco BroadCloud
- Cisco Computer Telephony Integration Object Server (CTIOS)
- Cisco Enterprise Chat and Email
- Cisco Packaged Contact Center Enterprise
- Cisco Unified Contact Center Enterprise - Live Data server
- Cisco Unified Contact Center Enterprise
- Cisco Unified Intelligent Contact Management Enterprise
- Cisco Unified SIP Proxy Software
- Cisco Video Surveillance Operations Manager
- Cisco DNA Spaces
- Cisco Kinetic for Cities
- Cisco Umbrella
- Cisco Unified Communications Manager Cloud
- Cisco Webex Cloud-Connected UC (CCUC)
- Managed Services Accelerator (MSX) Network Access Control Service
- CloudLock
- Duo
- ThousandEyes
- Webex Meetings
Threats:
Attacker could exploit this vulnerability by doing the following:
- Execute arbitrary code remotely
Best practice and Recommendations:
The CERT team encourages users to review Apache security advisory and apply the necessary mitigations and updates:
Rate the content
Share the page
