Cisco released security updates to address vulnerabilities in multiple Cisco products including flaws that could allow a remote attacker could exploit to take control of an affected system.
The updates included fixes for a remote code execution (RCE) flaw, a series denial of service (DoS) vulnerability, information disclosure vulnerability and several cross-site scripting (XSS) vulnerabilities, among others.
A RCE vulnerability in the Cisco Industrial Network Director and a DoS vulnerability in Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS and Cisco Expressway Series were rated high, according to the security release.
The RCE vulnerability was the result of an improper validation of files uploaded to the affected application while the DoS vulnerability was caused by insufficient controls for specific memory operations.
The rest of the vulnerabilities were rated medium.