Cisco has delivered a bundle of 17 security updates to address 18-CVE-listed vulnerabilities in its networking and communications gear.
Switchzilla has classified 10 of the fixed bugs as high security issues, with exploits leading to everything from command and code execution to denial of service- a particularly serious problem for networking gear. There are no critical vulnerabilities to fix this time around, so breath easier US admins who may be off for the Traitor’s Day Brexit 1776Independence Day weekend.
Among the more prominent bugs include a denial of service flaw in Web Security Appliance caused by sending a malformed certificate and a DLL preloading code execution vulnerability in Jabber.
Cisco’s Small Business switches were patched for two high-rated flaws, one allowing for denial of service from HTTP requests and another and the second a memory corruption flaw from the handling of SSL certificates.
Switchzilla also addressed a security bypass vulnerability in the Nexus 9000 switches and both a command injection and arbitrary read/write flaw in the NFV Infrastructure software.
The medium level of fixes includes a patch for two CVE-listed vulnerabilities in the Firepower Management Center, both potentially allowing for cross-site scripting bugs and a denial of service error in the IOS XR border gateway protocol.
Cisco’s IP phone- both the 7800 and 8800 series, were found to contain a denial of service flaw that would let an attacker prevent the phones from registering by sending them malformed SIP payloads, and the email security appliance was patched for a pair of filter bypass vulnerabilities.
Admins would be well advised to set aside time to check and install any needed Cisco packages before Tuesday, when Microsoft, SAP, and Adobe are all scheduled to drop their own monthly updates for July.