Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability cisco-sa-ac-csc-privesc-wx4U4Kw
Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities cisco-sa-expressway-priv-esc-Ls2B9t7b
Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability cisco-sa-cucm-imp-dos-49GL7rzT
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability cisco-sa-asaftd-ssl-dos-uu7mV5p6
Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability cisco-sa-ac-csc-privesc-wx4U4Kw
Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Stored Cross-Site Scripting Vulnerability cisco-sa-smb-sxss-OPYJZUmE
Cisco Unified Communications Manager Denial of Service Vulnerability cisco-sa-cucm-dos-4Ag3yWbD
Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability cisco-sa-csw-auth-openapi-kTndjdNX
For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
