Skip to main content

Advisories

CISCO Products Vulnerabilities and Security Updates, issued June 2021

Description

Cisco has released software updates to address vulnerabilities in multiple Cisco products software that could permit an unauthenticated, remote, malicious actor to execute arbitrary code or allow an authenticated, local malicious threat to gain escalated privileges on an unpatched system.

The following 5 vulnerabilities are the most recent with high impact:

  • Cisco Webex Network Recording Player vulnerability for Windows and MacOS (CVE-2021-1503). Read More...
  • Cisco Webex Player Memory Corruption vulnerability for Windows and MacOS (CVE-2021-1526). Read More...
  • Cisco Webex Network Recording Player and Webex Player Memory Corruption vulnerability (CVE-2021-1502) for Windows and MacOS Read More...
  • Cisco SD-WAN Software Privilege Escalation vulnerability (CVE-2021-1528). Read More...
  • Cisco ASR 5000 Series Software Authorization Bypass vulnerabilities (CVE-2021-1539 and CVE2021-1540) Read More...

Security Risks
Some of these vulnerabilities are due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). Others exist because the affected software does not properly restrict access to privileged processes.
An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

Recommendation
The National Cyber Security Authority (NCSA) recommends administrators to review the Cisco Security Advisories page and apply the latest security updates as soon as possible.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009

Reference
https://tools.cisco.com/security/center/publicationListing.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-rCFDeVj2

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-fuErCWwF

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n