Cisco updates include fixes for 'high' rated RCE, DoS flaws

News by Robert Abel

The updates included fixes for a remote code execution (RCE) flaw, a series denial of service (DoS) vulnerability, information disclosure vulnerability and several cross-site scripting (XSS) vulnerabilities

Cisco released security updates to address vulnerabilities in multiple Cisco products including flaws that could allow a remote attacker could exploit to take control of an affected system.

The updates included fixes for a remote code execution (RCE) flaw, a series denial of service (DoS) vulnerability, information disclosure vulnerability and several cross-site scripting (XSS) vulnerabilities, among others.

A RCE vulnerability in the Cisco Industrial Network Director and a DoS vulnerability in Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS and Cisco Expressway Series were rated high, according to the security release.

The RCE vulnerability was the result of an improper validation of files uploaded to the affected application while the DoS vulnerability was caused by insufficient controls for specific memory operations.

The rest of the vulnerabilities were rated medium.

This article was originally published on SC Media US

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Webcasts and interviews 

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop