CISA: Cisco Releases Security Advisories for Multiple Products

Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

• Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability cisco-sa-ac-csc-privesc-wx4U4Kw
• Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities cisco-sa-expressway-priv-esc-Ls2B9t7b
• Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability cisco-sa-cucm-imp-dos-49GL7rzT
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability cisco-sa-asaftd-ssl-dos-uu7mV5p6
• Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability cisco-sa-ac-csc-privesc-wx4U4Kw
• Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Stored Cross-Site Scripting Vulnerability cisco-sa-smb-sxss-OPYJZUmE
• Cisco Unified Communications Manager Denial of Service Vulnerability cisco-sa-cucm-dos-4Ag3yWbD
• Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability cisco-sa-csw-auth-openapi-kTndjdNX

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.