Cisco Releases Security Updates for Multiple Products
Summary
Updates for Cisco products address three vulnerabilities, one rated as High, one rated as Medium and one rated as Information Only
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Cisco has released security advisories to address vulnerabilities in multiple products.
The High severity SQL injection vulnerability in Cisco Unified Communications Manager could allow an attacker to read or modify any data on the underlying database or escalate privileges.
The Medium vulnerability concerns the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and could allow malicious URLs to pass through the device.
The Information Only advisory describes how products running Cisco IOS or IOS XE with strong payload cryptography enabled could be vulnerable to the leaking of cryptographic configuration settings.
Remediation advice
Affected organisations are encouraged to review the following Cisco Security Advisories and apply the necessary updates or workarounds.
Remediation steps
| Type | Step |
|---|---|
| Patch | Cisco Unified Communications Manager SQL Injection Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n |
| Patch | Cisco Email Security Appliance URL Filtering Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-WbMQqNJh |
| Guidance | Identifying and Mitigating Security Exposures When Using No Payload Encryption Images with Existing Cryptographic Configuration https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npe-hardening-Dkel83jP |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 19 January 2023 3:53 pm