Cisco Releases Security Updates for Multiple Products

Original release date: November 19, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.

• Integrated Management Controller Multiple Remote Code Execution Vulnerabilities cisco-sa-ucs-api-rce-UXwpeDHd
• DNA Spaces Connector Command Injection Vulnerability cisco-sa-dna-cmd-injection-rrAYzOwc
• IoT Field Network Director Unauthenticated REST API Vulnerability cisco-sa-FND-BCK-GHkPNZ5F
• Secure Web Appliance Privilege Escalation Vulnerability cisco-sa-wsa-prv-esc-nPzWZrQj
• IoT Field Network Director SOAP API Authorization Bypass Vulnerability cisco-sa-FND-AUTH-vEypBmmR
• IoT Field Network Director Missing API Authentication Vulnerability cisco-sa-FND-APIA-xZntFS2V

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
 

Source link