Cisco Updates
Warning Date: 7 October, 2021
Severity Level: Medium
Warning Number: 2021-3638
Target Sector: All
Description:
Cisco has released security updates to address several vulnerabilities in the following products:
- Cisco Orbital
- Cisco Vision Dynamic Signage Director releases 6.4 and earlier
- Cisco DNA Center
- AsyncOS Software for Cisco ESA releases earlier than Release 14.0.1
- The following Cisco products, if they are running a vulnerable release of Cisco IP Phone software:
  - IP Conference Phone 7832
  - IP Conference Phone 8832
  - IP Phone 7800 Series
  - IP Phone 8800 Series
  - Wireless IP Phone 8821
- Cisco ISE
- Cisco Business 220 Series Smart Switches
- Cisco SSM On-Prem
- Cisco TelePresence CE Software
- Cisco RoomOS Software
- Cisco AnyConnect
- Cisco ATA 190 Series On-Premises Software or Cisco ATA 190 Series Multiplatform (MPP) Software:
  - ATA 190 (On-premises only)
  - ATA 191 (On-premises or Multiplatform)
  - ATA 192 (Multiplatform only)
- Cisco Small Business 220 Series Smart Switches
- Cisco Intersight Virtual Appliance
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Cross-site scripting (XSS)
- Authentication bypass
- Unauthorized disclosure of information
Best Practices and Recommendations:
The CERT team encourages users to review the Cisco security advisories and apply the necessary updates:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-redirect-rQ2Bu7dU
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvdsd-xss-fvdj6HK
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-infodisc-KyC6YncS
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-sGcfsDrp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-pNXtLhdp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-inj-V4VSjEsX
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-priv-esc-5g35cdDJ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4q
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-UwqPrBM3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-dos-fmHdKswk