Patch/Configuration Management, Vulnerability Management

Cisco updates include fixes for ‘high’ rated RCE, DoS flaws

Cisco released security updates to address vulnerabilities in multiple Cisco products including flaws that could allow a remote attacker could exploit to take control of an affected system.

The updates included fixes for a remote code execution (RCE) flaw, a series denial of service (DoS) vulnerability, information disclosure vulnerability and several cross-site scripting (XSS) vulnerabilities, among others.

A RCE vulnerability in the Cisco Industrial Network Director and a DoS vulnerability in Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS and Cisco Expressway Series were rated high, according to the security release.

The RCE vulnerability was the result of an improper validation of files uploaded to the affected application while the DoS vulnerability was caused by insufficient controls for specific memory operations.

The rest of the vulnerabilities were rated medium.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.