TTCSIRT-331.08.03.20: TT-CSIRT ADVISORY- CISCO RELEASES SECURITY UPDATES FOR MULTIPLE PRODUCTS
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.
For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page via the link provided; https://tools.cisco.com/security/center/publicationListing.x
Below are Critical Cisco Vulnerabilities with the relevant links to give a more comprehensive understanding as well as mitigating procedures:
- Cisco SD-WAN vManage Software Authorization Bypass Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uabvman-SYGzt8Bv
- Cisco Data Center Network Manager Authentication Bypass Vulnerability- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-bypass-dyEejUMs
- Cisco Data Center Network Manager Command Injection Vulnerability- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh
- Cisco Data Center Network Manager Command Injection Vulnerability- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-rest-inj-BCt8pwAJ
- Cisco Data Center Network Manager Path Traversal Vulnerability- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-path-trav-2xZOnJdR
- Cisco Data Center Network Manager Improper Authorization Vulnerability- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-improper-auth-7Krd9TDT
- Cisco Data Center Network Manager Authentication Bypass Vulnerability- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-JkubGpu3
The Trinidad and Tobago Cyber Security Incident Response Team (CSIRT) encourages users and administrators to review and apply the necessary updates.
If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt