Cisco Releases Security Advisories for Multiple Products - 20230217001

Overview

Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

What is the vulnerability?

CVE-2023-20032 - ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability

CVE-2023-20014 - Cisco Nexus Dashboard Denial of Service Vulnerability

CVE-2023-20009, CVE-2023-20075 - Cisco Email Security Appliance and Cisco Secure Email and Web Manager Vulnerabilities

What is vulnerable?

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices.

  • ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability

      • For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products section of this advisory. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

  • Cisco Nexus Dashboard Denial of Service Vulnerability, Cisco Email Security Appliance and Cisco Secure Email and Web Manager

      • Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.