Cisco Releases Security Updates for Multiple Products

Posted by:

DEFENDEDGE

|

On:

|

Original release date: November 19, 2020<br/><p>Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.</p>

<p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.</p>

<ul>
<li>Integrated Management Controller Multiple Remote Code Execution Vulnerabilities <a href=”https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd”>cisco-sa-ucs-api-rce-UXwpeDHd</a></li>
<li>DNA Spaces Connector Command Injection Vulnerability <a href=”https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dna-cmd-injection-rrAYzOwc”>cisco-sa-dna-cmd-injection-rrAYzOwc</a></li>
<li>IoT Field Network Director Unauthenticated REST API Vulnerability <a href=”https://us-cert.cisa.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-BCK-GHkPNZ5F”>cisco-sa-FND-BCK-GHkPNZ5F</a></li>
<li>Secure Web Appliance Privilege Escalation Vulnerability <a href=”https://us-cert.cisa.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-nPzWZrQj”>cisco-sa-wsa-prv-esc-nPzWZrQj</a></li>
<li>IoT Field Network Director SOAP API Authorization Bypass Vulnerability <a href=”https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-AUTH-vEypBmmR”>cisco-sa-FND-AUTH-vEypBmmR</a></li>
<li>IoT Field Network Director Missing API Authentication Vulnerability <a href=”https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-APIA-xZntFS2V”>cisco-sa-FND-APIA-xZntFS2V</a></li>
</ul>

<p>For updates addressing lower severity vulnerabilities, see the Cisco <a href=”https://us-cert.cisa.gov https://tools.cisco.com/security/center/publicationListing.x”>Security Advisories page</a>.<br />
&nbsp;</p>

<div class=”field field–name-body field–type-text-with-summary field–label-hidden field–item”><p class=”privacy-and-terms”>This product is provided subject to this <a href=”https://us-cert.cisa.gov/privacy/notification”>Notification</a> and this <a href=”https://www.dhs.gov/privacy-policy”>Privacy &amp; Use</a> policy.</p>

</div>

Posted by

DEFENDEDGE

in