Cisco Releases Security Updates

Original release date: January 23, 2020

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability cisco-sa-20200122-fmc-auth
• TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability cisco-sa-telepresence-path-tr-wdrnYEZZ
• IOS XE SD-WAN Software Default Credentials Vulnerability cisco-sa-sd-wan-cred-EVGSF259
• SD-WAN Solution Local Privilege Escalation Vulnerability cisco-sa-20200122-sdwan-priv-esc
• Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability cisco-sa-20200122-on-prem-dos
• IOS XR Software EVPN Operational Routes Denial of Service Vulnerability cisco-sa-20200122-ios-xr-routes
• IOS XR Software BGP EVPN Denial of Service Vulnerabilities cisco-sa-20200122-ios-xr-evpn
• IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability cisco-sa-20200122-ios-xr-dos
  

Source link