Cisco releases 29 patches, 3 critical

News by Robert Abel

Cisco released advisories to patch 29 issues, including three critical vulnerabilities, one of which was a patch for an Apache Struts bug.

The vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system due to the vulnerable software insufficiently validating user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action, according to the advisory.

The other two critical vulnerabilities were a Cisco Umbrella API flaw that could allow an authenticated, remote attacker to view and modify data across their organisation and other organisations, and a buffer overflow vulnerability in the web-based management interface of several routers.

The Umbrella API flaw is caused by insufficient authentication configurations for the API interface of Cisco Umbrella, and the buffer overflow glitch is caused by improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface.

Researchers recommended that those who are affected update their systems to the latest version of the firmware for the devices.