By security practitioners, for security practitioners innovate | novacoast federal | novaSOC | novacoast
By security practitioners, for security practitioners

Cisco Releases Security Updates for Multiple Products

Cisco has disclosed a series of severe vulnerabilities impacting several products. Owners and administrators should review their environments and perform patching ASAP.

Background

Cisco has disclosed a series of severe vulnerabilities impacting various product lines including network devices, security appliances, endpoint applications, and various trust relationships. The breadth of impacted products to great to cover in an email – It is recommended that Cisco products within production environments be scrutinized for impact.

View the official Cisco security advisories page for more information.

Notable High Severity Vulnerabilities 

Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability (CVE-2021-1566) – A certificate validation issue affecting Cisco Advanced Malware Protection (AMP) for Endpoints integration with Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) allows for a man in the middle attack between monitored endpoint and server.
 
 
Cisco DNA Center Certificate Validation Vulnerability (CVE-2021-1134) – A cert validation flaw in the Cisco Identity Services Engine (ISE) integration with Cisco DNA Center Software that would allow for the interception of traffic between the ISE and DNA Center servers.
 
 
Cisco Small Business 220 Series Smart Switches Vulnerabilities (CVE-2021-1541, CVE-2021-1542, CVE-2021-1543, CVE-2021-1571) – Allows for hijacking of a user session, execution of arbitrary commands as a root user on the underlying operating system, cross-site scripting (XSS) attacks and an HTML injection attack on impacted Small Business Series switches.
 
 
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability (CVE-2021-1567) – Allows an authenticated user to perform DLL highjacking on AnyConnect client endpoints.
 
 
Lasso SAML Implementation Vulnerability Affecting Cisco Products (CVE-2021-28091) – Impacts SSO implementations of many Cisco products.
 
 
The fixes are in addition to other significant vulnerabilities patched in the month of June, such as:

  • Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability (CVE-2021-1402)
  • Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability (CVE-2021-1503)
  • Cisco Webex Player Memory Corruption Vulnerability (CVE-2021-1526)
  • Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability (CVE-2021-1502). Also worth noting are the many medium severity vulnerabilities patched in the same period.


 
Mitigations

If you suspect any of your systems may be impacted by these vulnerabilities, it is advised you scrutinize the Cisco Advisory page to get more details regarding impacts and mitigations.


Timely updates are key, as PoC exploit code can be available to adversaries within hours or days of disclosure.

A regular schedule of vulnerability scanning can proactively detect vulnerabilities.

An accurate record of systems and platforms, such as a CMDB, can be used by administrators to help determine the impact of broad vulnerability disclosures.

Resources

CISA Advisory
https://us-cert.cisa.gov/ncas/current-activity/2021/06/17/cisco-releases-security-updates-multiple-products

Cisco Security Center Advisories
https://tools.cisco.com/security/center/publicationListing.x

Previous Post

Microsoft June 2021 Patch Tuesday: 49 Vulnerabilities Patched, Six Zero-Days

Next Post

Dell issues update to fix four major vulnerabilities in BIOSConnect and HTTPS Boot

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.