Your review has been sent successfully

Cisco Updates

1937
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Warning Date

Severity Level

Warning Number

Target Sector

21 October, 2021

● Medium

2021-3720

All

Description:

Cisco has released security updates to address several vulnerabilities in the following products:

  • Cisco IOS XE SD-WAN Software:
    • 1000 Series Integrated Services Routers (ISRs)
    • 4000 Series ISRs
    • ASR 1000 Series Aggregation Services Routers
    • Catalyst 8000 Series Edge Platforms
    • Cloud Services Router (CSR) 1000V Series
  • Cisco IOS XR Software
    • had the DHCPv4 server feature or the DHCPv4 proxy feature enabled:
    • Releases 6.7.2 and later
    • 7.1.2 and later, or 7.2.1 and later but earlier than Release 7.3.2 or earlier than Release 7.4.1
      • ASR 9000 Series Aggregation Services Routers
      • IOS XRv 9000 Routers
      • Network Convergence System (NCS) 540 Series Routers
      • NCS 560 Series Routers
      • NCS 5000 Series Routers
      • NCS 5500 Series Routers
  • Cisco Webex Software
  • Cisco TMS Software
  • Cisco Tetration
  • Cisco ISE Software
  • UCS C-Series Rack Servers in standalone mode
  • UCS S-Series Storage Servers in standalone mode
  • Cisco Meeting Server

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • Cross-site scripting (XSS)
  • Authentication bypass
  • Install the restricted file remotely
  • Denial of Service (DoS)
  • Execute arbitrary code with root privileges

Best practice and Recommendations:

The CERT team encourages users to review Cisco security advisory and apply the necessary updates:

Last updated at 21 October, 2021

Rate the content

rate-icon
up icon