Cisco Releases Security Updates for Multiple Products

Original release date: April 16, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability cisco-sa-voip-phones-rce-dos-rB6EeRXs
• Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data cisco-sa-ucsd-mult-vulns-UNfpdW4E
• Wireless LAN Controller 802.11 Generic Advertisement Service Denial-of-Service Vulnerability cisco-sa-wlc-gas-dos-8FsE3AWH
• Wireless LAN Controller CAPWAP Denial-of-Service Vulnerability cisco-sa-wlc-capwap-dos-Y2sD9uEw
• Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability cisco-sa-webex-player-Q7Rtgvby
• Mobility Express Software Cross-Site Request Forgery Vulnerability cisco-sa-mob-exp-csrf-b8tFec24
• IoT Field Network Director Denial-of-Service Vulnerability cisco-sa-iot-coap-dos-WTBu6YTq
• Unified Communications Manager Path Traversal Vulnerability cisco-sa-cucm-taps-path-trav-pfsFO93r
• Aironet Series Access Points Client Packet Processing Denial-of-Service Vulnerability cisco-sa-airo-wpa-dos-5ZLs6ESz

Source link