Cisco released security updates to address vulnerabilities in multiple products that could allow an attacker to take control of an affected system.
The updates include patches to 10 flaws rated “high,” including four denial of service (DoS) bugs involving a Web Security Appliance HTTPS Certificate, a Small Business Series Switches HTTP, a Web Security Appliance Web Proxy, and a Unified Communications Manager Session Initiation Protocol, according to a July 3 advisory.
The updates also address an Application Policy Infrastructure Controller REST API Privilege Escalation vulnerability and a Small Business Series Switches Memory Corruption vulnerability.
The privilege escalation vulnerability is caused by incomplete validation and error checking for the file path when specific software is uploaded while the memory corruption bug is caused by improper validation of HTTPS packets
Those whose systems are vulnerable should update as soon as possible.