Cisco has released security updates to address vulnerabilities in multiple Cisco products, including:  

• Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) ,

• Cisco AsyncOS Software for Cisco Secure Web Appliance ,

• Cisco BroadWorks CommPilot Application Software.

• Cisco Webex Meetings Web UI  ,

• Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows ,

• Cisco Duo Authentication Proxy ,

• Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode ,

• Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance ,

• Cisco SD-WAN vManage software ,

• Cisco Small Business SPA500 Series IP Phones ,

• Cisco BroadWorks ,

• Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software.

Security Risks

If successfully exploited, the identified vulnerabilities in Cisco products could enable an attacker to take control of an affected system and carry out malicious activities.

For the full list of security patches released by Cisco, please refer to Cisco Security Advisories.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

• Follow and put in place the security updates shared by Cisco to lower the risk of vulnerability exploitation.

• Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://sec.cloudapps.cisco.com/security/center/publicationListing.x

• Cisco Security portal