Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Bhutan Computer Incident Response Team recommended users and administrators to review the following Cisco advisories and apply the necessary updates:
• Cisco SD-WAN vManage Software Vulnerabilities cisco-sa-sd-wan-vmanage-4TbynnhZ
• Cisco HyperFlex HX Command Injection Vulnerabilities cisco-sa-hyperflex-rce-TjjNrkpR
• Cisco SD-WAN Software vDaemon Denial of Service Vulnerability cisco-sa-sdwan-dos-Ckn5cVqW
• Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities cisco-sa-sdwan-buffover-MWGucjtO
• Cisco SD-WAN vManage Software Authentication Bypass Vulnerability cisco-sa-sdw-auth-bypass-65aYqcS2
• Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities cisco-sa-sb-wap-multi-ZAfKGXhF
• Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability cisco-sa-nfvis-cmdinj-DkFjqg2j
• Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities cisco-sa-imp-inj-ereCOKjR
• Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities cisco-sa-anyconnect-code-exec-jR3tWTA6