Summary
Security updates address 9 new vulnerabilities, including 7 with “high” severity, in some Cisco products.
Risk
Estimate of the vulnerability’s impact on the target community: HIGH/ORANGE (65.12/100)1.
Type
- Remote Code Execution
- Information Disclosure
- Denial of Service
- Privilege Escalation
- Data Manipulation
- Arbitrary File Write/Read
Affected Products and/or Versions
The list of products affected by the vulnerabilities is available in the “Affected Products” section of the vendor’s security bulletins.
Mitigation Actions
It is recommended to update the vulnerable products following the instructions provided by the vendor for each affected product and reported in the security bulletins available at the links in the References section.
For product versions for which the vendor has not yet released updates, it is recommended to follow the mitigations reported in the “Workarounds” section of the security bulletins and monitor the release of further updates.
Unique Vulnerability Identifiers
The following are only the CVEs related to the “high” severity vulnerabilities:
References
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
