Cisco Security Updates
Cisco has released software updates to address vulnerabilities in multiple Cisco products that could permit an unauthenticated, remote malicious actor to execute arbitrary code, or allow an authenticated, local malicious actor to gain escalated privileges on an unpatched system.
The following 4 are the most recent high-impact vulnerabilities:
In Cisco Email Security Appliance (ESA), Cisco Advanced Malware Protection (AMP) and Cisco Web Security Appliance (WSA).
This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device.
In the web-based management interface of Cisco Small Business 220 Series Smart Switches.
This vulnerability is due to the use of weak session management for session identifier values.
In the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module installed on the AnyConnect client.
This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device.
In the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center.
This vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server.
The National Cyber Security Authority (NCSA) recommends that administrators review the Cisco Security Advisories page, check the list of all vulnerabilities, and apply the latest security updates as soon as possible.
For further information and support, please contact the National Cyber Security Authority (NCSA) by email at firstname.lastname@example.org or call us on 9009.
18 June 2021
© 2023 National Cyber Security Authority