
Cisco Releases Security Updates for Multiple Products

Updates for Cisco products address three vulnerabilities: one rated High, one rated Medium and one rated Information Only.



Threat details

Introduction

Cisco has released security advisories to address vulnerabilities in multiple products.

The High severity SQL injection vulnerability in Cisco Unified Communications Manager could allow an attacker to read or modify any data on the underlying database or escalate privileges.

The Medium vulnerability concerns the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and could allow malicious URLs to pass through the device.

The Information Only advisory describes how products running Cisco IOS or IOS XE with strong payload cryptography enabled could be vulnerable to the leaking of cryptographic configuration settings.


Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories and apply the necessary updates or workarounds.


Remediation steps

Type: Patch
Step: Cisco Unified Communications Manager SQL Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n

Type: Patch
Step: Cisco Email Security Appliance URL Filtering Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-WbMQqNJh

Type: Guidance
Step: Identifying and Mitigating Security Exposures When Using No Payload Encryption Images with Existing Cryptographic Configuration
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npe-hardening-Dkel83jP


Last edited: 19 January 2023 3:53 pm