Cisco Updates
2006Warning Date
Severity Level
Warning Number
Target Sector
2 September, 2021
● High
2021-3461
All
Description:
Cisco has released security updates to address several vulnerabilities in the following products:
- Cisco Nexus Insights releases earlier than Release 6.0.1
- Cisco ISE Software:
- 2.2 Patch17 and earlier
- 2.3 Patch7 and earlier
- 2.4 Patch14 and earlier
- 2.6 Patch9 and earlier
- 2.7 Patch4 and earlier
- 3.0 Patch3 and earlier
- Cisco Prime Collaboration Provisioning releases earlier than Release 12.6 SU3(1)
- Cisco Prime Infrastructure releases earlier than Release 3.8 and Cisco EPN Manager releases earlier than Release 5.0
- Cisco Enterprise NFVIS Release 4.5.1 if the TACACS external authentication method is configured
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Cross-site scripting (XSS)
- Authentication bypass
- Unauthorized disclosure of information
Best practice and Recommendations:
The CERT team encourages users to review Cisco security advisory and apply the necessary updates:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-insight-infodis-2By2ZpBB
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-4HnZFewr
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-collab-xss-fQMDE5GO
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh