Cisco Releases Security Updates – Updated November 5, 2020

November 5, 2020

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. Read the advisory at CISA.

October 22, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco security page and apply the necessary updates. Read the advisory at CISA.

October 8, 2020

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. Read the advisory at CISA.

September 25, 2020

September 3, 2020

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. CISA encourages users and administrators to review the Cisco Advisories and apply the necessary updates. Read the advisory at CISA.

August 27, 2020

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. CISA encourages users and administrators to review the Cisco Advisories and apply the necessary updates. Read the advisory at CISA.

August 20, 2020

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. CISA encourages users and administrators to review the Cisco Advisories and apply the necessary updates. Read the advisory at CISA.

August 6, 2020

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take obtain sensitive information. CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. Read the advisory at CISA.

July 30, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. Read the advisory at CISA.

July 23, 2020

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software Web Service. A remote attacker could exploit this vulnerability to obtain sensitive information. CISA) encourages users and administrators to review Cisco Security Advisory cisco-sa-asaftd-ro-path-KJuQhB86 for more information and apply the necessary updates. Read the advisory at CISA.

July 15, 2020

Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle July 2020 Critical Patch Update and apply the necessary updates. Read the advisory at CISA.

July 2, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco advisories and apply the necessary updates. Read the advisory at CISA.

June 25, 2020

Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise. CISA encourages users and administrators to review the Cisco Security Advisory and apply the necessary workarounds. Access the advisory at CISA.

June 18, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates. Read the advisory at CISA.

June 4, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco security advisories page and apply the necessary updates. Read the advisory at CISA.

June 2, 2020

Cisco has released security updates to address a vulnerability in NX-OS Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates or workarounds. Read the advisory at CISA.

May 29, 2020

Cisco has released security updates to address SaltStack FrameWork vulnerabilities in Cisco Modeling Labs Corporate Edition (CML) and Virtual Internet Routing Lab Personal Edition (VIRL-PE). A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates or workaround. Read the advisory at CISA.

May 22, 2020

Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates, including Unified Contact Center Express Remote Code Execution Vulnerability cisco-sa-uccx-rce-GMSC6RKN and Prime Network Registrar DHCP Denial-of-Service Vulnerability cisco-sa-cpnr-dhcp-dos-BkEZfhLP. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. Read the advisory at CISA.

May 7, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. Read the advisory at CISA.

April 30, 2020

Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Solution software. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. Read the advisory at CISA.

April 16, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates. Read the advisory at CISA.

March 19, 2020

Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates. Read the advisory at CISA.

March 5, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the Cisco advisories and apply the necessary updates. Read the advisory at CISA.

February 27, 2020

Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the Cisco advisories, as well as the Cisco Event Response page, and apply the necessary updates. Read the advisory at CISA.

February 20, 2020

February 6, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. CISA encourages users and administrators to review the following Cisco advisories, as well as Vulnerability Note #261385 from the CERT Coordination Center (CERT/CC), and apply the necessary updates. Read the advisory at CISA.

January 30, 2020

Cisco has released security updates to address vulnerabilities affecting Cisco Small Business Switches. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. DHS CISA encourages users and administrators to review Cisco Security Advisories cisco-sa-smlbus-switch-dos-R6VquS2u and cisco-sa-20200129-smlbus-switch-disclos for more information. Read the advisory at CISA.

January 24, 2020

Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Cisco Security Advisory cisco-sa-20200124-webex-unauthjoin for more information. Read the advisory at Cisco.

January 23, 2020

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the Cisco advisories and apply the necessary updates. Read the advisory at CISA.

January 7, 2020

Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates. Read the advisory at CISA.

November 7, 2019

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage. CISA encourages users and administrators to review the Cisco advisories and apply the necessary updates. Read the advisory at CISA.

October 17, 2019

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The DHS Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. Read the advisory at CISA.

October 3, 2019

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Event Response page and apply the necessary updates. Read the advisory at CISA.

August 29, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco advisories and apply the necessary updates. Read the advisory at CISA.

August 8, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. Read the advisory at CISA.

August 1, 2019

Cisco has released security updates to address a vulnerability in Cisco Nexus 9000 Series Fabric Switches. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. Read the advisory at CISA.

July 17, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the advisories and apply the necessary updates. Read the advisory at CISA.

July 3, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the advisories and apply the necessary updates. Read the advisory at CISA.

June 26, 2019

Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. DHS CISA encourages users and administrators to review the advisories and apply the necessary updates. Read the advisory at CISA.

June 19, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the advisories and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

June 12, 2019

Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. Read the advisory at NCCIC/US-CERT.

June 5, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco advisories and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

May 15, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

May 13, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

As discussed in postings from other cybersecurity organizations, including an article from Threatpost, the vulnerabilities are high-severity and impact millions of devices.

The first vulnerability affects the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Secure Boot is the vendor’s trusted hardware root-of-trust, implemented in a wide range of Cisco products in use among enterprise, military and government networks, including routers, switches and firewalls. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process. No software updates are yet available, and there are no workarounds, but Cisco said that it is working on it, for release in May. The good news is that an attacker would need to be local and already have access to the device’s OS, with elevated privileges, in order to exploit the issue.

The second vulnerability exists in the Cisco IOS XE operating system, which is the vendor’s common OS used to power enterprise wired and wireless access, aggregation, core and WAN products. The flaw exists because the affected software improperly sanitizes user-supplied input. “An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form,” Cisco explained in its advisory. Cisco has released software updates for this one; but there are no workarounds.

May 7, 2019

Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. Read the advisory at NCCIC/US-CERT.

May 1, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

April 17, 2019

Cisco has released a security update to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

March 28, 2019

Cisco has released a security update to address a vulnerability in Cisco IOS XE. An attacker could exploit this vulnerability to obtain sensitive information. The NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. Read the advisory at NCCIC/US-CERT.

March 27, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

March 20, 2019

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

March 13, 2019

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition. The NCCIC users and administrators to review the Cisco Advisories and apply the necessary updates. Read the advisory at NCCIC/ICS-CERT.

March 6, 2019

Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

February 27, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco advisories and apply the necessary update. Read the advisory at NCCIC/US-CERT.

February 20, 2019

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

February 12, 2019

Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information. The NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. Read the advisory at NCCIC/US-CERT.

January 23, 2019

Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

January 9, 2019

Cisco has released security updates to address vulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliance. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. Read the full advisory at NCCIC/US/CERT.

December 19, 2018

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance. A remote attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. NCCIC/US-CERT.

November 28, 2018

Cisco has released a security update to address a vulnerability in Cisco Prime License Manager. A remote attacker could exploit this vulnerability to obtain sensitive information. The NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. NCCIC/US-CERT.

November 7, 2018

Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. NCCIC/US-CERT.

October 24, 2018

Cisco has released security updates to address a vulnerability in Cisco Webex Productivity Tools and the Cisco Webex Meetings Desktop App. An attacker could exploit this vulnerability to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. NCCIC/US-CERT.

October 3, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates. NCCIC/US-CERT.

September 26, 2018

September 21, 2018

Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. NCCIC/US-CERT.

August 28, 2018

Cisco has released a security update to address a vulnerability in Cisco Data Center Network Manager. A remote attacker could exploit this vulnerability to obtain access to sensitive information. The NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. NCCIC/US-CERT.

August 15, 2018

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Web Security Appliance Web Proxy Memory Exhaustion Denial-of-Service Vulnerability cisco-sa-20180815-wsa-dos; Unified Communications Manager IM & Presence Service Denial-of-Service Vulnerability cisco-sa-20180815-ucmimps-dos; Adaptive Security Appliance Web Services Denial-of-Service Vulnerability cisco-sa-20180606-asaftd. NCCIC/US-CERT.

August 1, 2018

Cisco has released a security update to address a vulnerability in Cisco Prime Collaboration Provisioning. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. NCCIC/US-CERT.

July 18, 2018

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the necessary updates. NCCIC/US-CERT.

July 11, 2018

June 20, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. NCCIC/US-CERT.

June 6, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. NCCIC/US-CERT.

May 16, 2018

May 2, 2018

March 7, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. US-CERT.

February 21, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. US-CERT.

February 5, 2018

Cisco has released an updated advisory and security updates to address a vulnerability affecting its Adaptive Security Appliance software. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Cisco's updated Security Advisory and apply the necessary updates. US-CERT.

January 31, 2018

Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. US-CERT.

January 29, 2018

Cisco has released a security update to address a vulnerability in its Adaptive Security Appliance software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. US-CERT.

January 17, 2018

Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. US-CERT.

November 29, 2017

Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. US-CERT.

November 3, 2017

Cisco has released a security update to address a vulnerability in its IOS XE software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. US-CERT.

November 1, 2017

October 18, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Cloud Services Platform 2100 Unauthorized Access Vulnerability cisco-sa-20171018-ccs; FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial-of-Service Vulnerability cisco-sa-20171018-aaavty; Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial-of-Service Vulnerability cisco-sa-20171018-sip; Small Business SPA51x Series IP Phones SIP Denial-of-Service Vulnerability cisco-sa-20171018-sip. US-CERT.

October 4, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Adaptive Security Appliance Software Direct Authentication Denial-of-Service Vulnerability cisco-sa-20171004-asa; Firepower Detection Engine IPv6 Denial-of-Service Vulnerability cisco-sa-20171004-fpsnort; Firepower Detection Engine SSL Decryption Memory Consumption Denial-of-Service Vulnerability cisco-sa-20171004-ftd. US-CERT.

September 27, 2017

September 20, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability (cisco-sa-20170920-cvp); Email Security Appliance Denial-of-Service Vulnerability (cisco-sa-20170920-esa); Small Business Managed Switches Denial-of-Service Vulnerability (cisco-sa-20170920-sbms). US-CERT.

August 16, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability, Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability, and Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability. US-CERT.

August 2, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates: Identity Services Engine Authentication Bypass Vulnerability and Videoscape Distribution Suite Cache Server Denial of Service Vulnerability. US-CERT.

July 27, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability and Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability. US-CERT.

July 20, 2017

Cisco has released a security update to address a vulnerability in its Web Security Appliance (WSA). A remote attacker could exploit this vulnerability to take control of a system. US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details. US-CERT.

July 17, 2017

Cisco has released security updates to address a vulnerability in its WebEx browser extension on Google Chrome and Mozilla Firefox. A remote attacker could exploit this vulnerability to take control of a system. US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details. US-CERT.

July 13, 2017

Cisco has released security updates to address several Simple Network Management Protocol (SNMP) vulnerabilities in its IOS and IOS XE software. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. US-CERT.

July 5, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates: Elastic Services Controller Unauthorized Access Vulnerability, Ultra Services Framework UAS Unauthenticated Access Vulnerability, Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability, StarOS CLI Command Injection Vulnerability, Elastic Services Controller Arbitrary Command Execution Vulnerability, Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability, and Ultra Services Framework AutoVNF Log File User Credential Information Disclosure Vulnerability. US-CERT.

June 30, 2017

Cisco has released a security advisory to address Simple Network Management Protocol (SNMP) vulnerabilities in its IOS and IOS XE software. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary workarounds until patches are released. US-CERT.

June 21, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability, Virtualized Packet Core – Distributed Instance Denial-of-Service Vulnerability, and WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities. ICS-CERT.

May 17, 2017

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability, Cisco TelePresence IX5000 Series Directory Traversal Vulnerability, Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability, and Cisco Policy Suite Privilege Escalation Vulnerability. US-CERT.

May 10, 2017

Cisco has released a security update to address a vulnerability in its WebEx Meetings Server, which could allow a remote attacker to obtain sensitive information. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. US-CERT.

May 9, 2017

Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates. ICS-CERT.

May 3, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates: CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability, Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability, TelePresence ICMP Denial-of-Service Vulnerability, and IOS XR Software Denial-of-Service Vulnerability. US-CERT.

April 19, 2017

Cisco has released updates to address several high-impact vulnerabilities affecting multiple products. These and other lower-impact vulnerabilities are listed at Cisco Security Advisories and Alerts. A remote attacker could exploit one of the high-impact vulnerabilities to cause a denial-of-service condition. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates: ASA Software DNS Denial-of-Service Vulnerability, ASA Software IPsec Denial-of-Service Vulnerability, ASA Software SSL/TLS Denial-of-Service Vulnerability, ASA Software Internet Key Exchange Version 1 XAUTH Denial-of-Service Vulnerability, IOS and IOS XE Software EnergyWise Denial-of-Service Vulnerabilities, Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial-of-Service Vulnerability, and Unified Communications Manager Denial-of-Service Vulnerability cisco-sa-20170419-ucm. US-CERT.

April 6, 2017

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability cisco-sa-20170405-ame, Wireless LAN Controller 802.11 WME Denial-of-Service Vulnerability cisco-sa-20170405-wlc, Wireless LAN Controller IPv6 UDP Denial-of-Service Vulnerability cisco-sa-20170405-wlc2, and Wireless LAN Controller Management GUI Denial-of-Service Vulnerability cisco-sa-20170405-wlc3. US-CERT.

March 22, 2017

Cisco has released security updates to address vulnerabilities in its IOS, IOS XE, and IOx Software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition. Users and administrators are encouraged to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

March 21, 2017

Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. Exploitation of one of these vulnerabilities could allow a remote attacker to cause a denial of service condition. Users and administrators are encouraged to review the following Cisco Security Advisories and apply these updates: IPv6 Denial of Service Vulnerability and Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability. US-CERT.

March 15, 2017

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates: Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability cisco-sa-20170315-ap1800, StarOS SSH Privilege Escalation Vulnerability cisco-sa-20170315-asr, Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability cisco-sa-20170315-tes, and Meshed Wireless LAN Controller Impersonation Vulnerability cisco-sa-20170315-wlc-mesh. US-CERT.

March 1, 2017

Cisco has released a security update to address a vulnerability in its NetFlow Generation Appliance (NGA). Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary update. US-CERT.

February 15, 2017

Cisco has released a security update to address a vulnerability in its UCS Director software. Exploitation of this vulnerability could allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. US-CERT.

February 6, 2017

Cisco has released a hardware advisory for a clock signal component used in some of its devices, which include switches and routers. Devices that contain the faulty component could potentially fail after 18 months of use. US-CERT encourages users and administrators to review the Cisco advisory for more information and replacement guidance. US-CERT.

February 1, 2017

US-CERT has alerted users to Cisco’s security updates to address a vulnerability in its Prime Home platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details. US-CERT.

January 26, 2017

US-CERT has alerted users to Cisco’s security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the latest Cisco Security Advisories and apply the necessary updates. US-CERT.

January 25, 2017

US-CERT has alerted users to Cisco’s release of security updates to address a vulnerability in its WebEx browser extensions. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisory and Vulnerability Note #VU909240 for vulnerability and mitigation details. US-CERT.

December 22, 2016

US-CERT has alerted users to Cisco’s security updates to address a vulnerability in its Cisco CloudCenter Orchestrator. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates. ICS-CERT.

November 2, 2016

US-CERT has alerted users to Cisco’s updates to address vulnerabilities affecting multiple products. These include ASR 900, Prime Home, Meeting Server, Meeting App, TelePresence, Application Policy Infrastructure Controller, Email Security Appliance, ASR 500, and Web Security Appliance. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

October 26, 2016

Cisco has released several updates to address vulnerabilities affecting multiple products. These include Identity Services Engine, Email Security Appliance, Web Security Appliance, IP Interoperability and Collaboration System, and others. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the updates. US-CERT.

October 24, 2016

US-CERT has alerted users to Cisco's security update to address a vulnerability in its WebEx Meetings Player. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. US-CERT.

October 12, 2016

US-CERT has alerted users to Cisco’s security updates to address vulnerabilities in multiple products including Meeting Server, Wide Area Application Services, Unified Communications Manager, Prime Infrastructure, Finesse, and CBR-8. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

October 5, 2016

US-CERT has alerted users to Cisco’s security updates to address vulnerabilities in multiple products. Affected products include NX-OS, Nexus 7000, and Nexus 7700. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

September 28, 2016

US-CERT has alerted users to multiple Cisco security updates to address vulnerabilities in a range of products. Exploitation of one of these vulnerabilities could allow a remote attacker to take over an affected system. Affected products include IOS and IOS XE, Firepower Management Center, and Email Security Appliance. Users and administrators are encouraged to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

September 22, 2016

Cisco has released security updates to address vulnerabilities in multiple products including Cloud Services Platform, IOS and IOS XE, Firepower Management Center, FireSIGHT, and Prime Home. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

In related reporting, more than 840,000 Cisco devices are vulnerable to the recently disclosed NSA-related exploits.

September 16, 2016

Cisco has released security updates to address a vulnerability in several products. Exploitation of this vulnerability could allow a remote attacker to obtain sensitive information from an affected system. Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates. US-CERT.

September 15, 2016

US-CERT has posted an alert regarding Cisco’s security updates to address vulnerabilities in several products including Web Security Appliance, WebEx, Unified Computing System, IOS, and IOx. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

August 31, 2016

US-CERT has posted an alert on 12 security updates from Cisco to address vulnerabilities in several products. These include Wireless LAN Controller, WebEx, Small Business 220 Series, Small Business Series, and Hosted Collaboration product lines. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

August 20, 2016

Cisco has released 14 security updates to address vulnerabilities in several products including Firepower Management Center, Adaptive Security Appliance, Access Point Platforms, Unified Communications Manager, and WebEx among others. Exploitation of some of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisories and apply the necessary updates. In addition, the Washington Post has covered the leak of National Security Agency (NSA) hacking tools, which exposed these vulnerabilities. US-CERT.

August 12, 2016

Cisco has released a security update to address a vulnerability in its IOS XR Software for ASR 9001 Aggregation Services Routers. Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. US-CERT.

August 3, 2016

US-CERT has alerted users to Cisco’s security updates to address vulnerabilities in several products including RV180 and RV110W, RV130W, RV215W, TelePresence, and Prime Infrastructure product lines. Exploitation of some of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the latest Cisco Security Advisories and apply the necessary updates. US-CERT.

July 20, 2016

US-CERT has posted an alert on Cisco’s security update to address a vulnerability in its Unified Computing System (UCS) Performance Manager. Exploitation of this vulnerability could allow an unauthenticated remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco UCS Performance Manager versions 2.0.0 and prior Security Advisory and apply the necessary update. US-CERT.

July 14, 2016

US-CERT has posted an alert on Cisco's security updates to address vulnerabilities in two products. Exploitation of one of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisories on Cisco ASR 5000 Series and Cisco IOS XR for NCS 6000 then apply the necessary updates. US-CERT.

June 30, 2016

US-CERT has posted an alert on Cisco’s security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates for Cisco Prime Infrastructure and EPNM, Cisco Prime Collaboration Provisioning, and Cisco Firepower System Software. US-CERT.

June 15, 2016

US-CERT has alerted users to Cisco's security updates to address vulnerabilities in the web-based management interface of three wireless routers (models RV110W, RV130W, and RV215W). Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the latest Cisco Security Advisories and apply the necessary updates. US-CERT.

Additional reporting is available at PCWorld.

June 1, 2016

US-CERT has posted an alert on Cisco’s security updates to address vulnerabilities in its Prime Network Analysis Module software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the latest Cisco Security Advisories and apply the necessary updates. US-CERT.

May 18, 2016

US-CERT has alerted users to Cisco's security updates to address vulnerabilities in its Web Security Appliance software. Exploitation of these vulnerabilities could cause a denial-of-service-condition on an affected system. Users and administrators are encouraged to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

May 4, 2016

US-CERT has posted an alert on Cisco’s security updates to its FirePOWER, Adaptive Security Appliance, and TelePresence products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisories. US-CERT.

April 20, 2016

US-CERT has posted an alert on Cisco’s security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition on an affected system. US-CERT encourages users and administrators to review the April 20, 2016 Cisco Security Advisories and apply the necessary updates. US-CERT.

April 13, 2016

US-CERT has posted an alert on Cisco's security update to address a vulnerability in its Cisco Unified Computing System (UCS) Central Software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. US-CERT.

April 6, 2015

US-CERT has posted an alert on Cisco's security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisories and apply the necessary updates. US-CERT.

March 30, 2016

US-CERT has posted an alert on Cisco's security updates to address a vulnerability in its Cisco Firepower System software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates. US-CERT.

March 23, 2016

US-CERT has posted an alert on Cisco's security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities could allow a remote attacker to create a denial-of-service condition. US-CERT encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates to the affected Cisco IOS and IOS XE products. US-CERT.

March 9, 2016

US-CERT has posted an alert on Cisco's security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected device.Users and administrators are encouraged to review Cisco Security Advisories for Wireless Residential Gateway, ASA, and Cable Modem with Digital Voice products. For details on securing your home network, please see US-CERT Tip ST15-002. US-CERT.

March 2, 2016

Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review the Cisco Security Advisories and apply the necessary updates to the affected Cisco Nexus, NX-OS, and Web Security Appliance products. US-CERT.

February 10, 2016

US-CERT has posted an alert on Cisco's security update to address a vulnerability in its ASA software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. US-CERT.

January 27, 2016

US-CERT has alerted users to the latest Cisco security update to address a vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device. US-CERT encourages users and administrators to review the Cisco Security Advisory along with US-CERT's tip on Securing Your Home Network and apply the necessary update. US-CERT.

You are here

Cisco Releases Security Updates – Updated November 5, 2020

Cisco Releases Security Updates – Updated November 5, 2020

Related Resources

Footer Email Signup