Cisco Releases Advisories for Multiple Products - 20231002007

Overview

Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

What is vulnerable?

Advisories have been published for the following products:

• Cisco Catalyst SD-WAN Manager Vulnerabilities cisco-sa-sdwan-vman-sc-LRLfu2z
• Cisco IOS XE Software Web UI Command Injection Vulnerability cisco-sa-webui-cmdij-FzZAeXAy
• Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability cisco-sa-mlre-H93FswRz
• Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability cisco-sa-ios-xe-l2tp-dos-eB5tuFmV
• Cisco DNA Center API Insufficient Access Control Vulnerability cisco-sa-dnac-ins-acc-con-nHAVDRBZ
• Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability cisco-sa-cat3k-dos-ZZA4Gb3r
• Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability cisco-sa-appqoe-utd-dos-p8O57p5y
• Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability cisco-sa-aaascp-Tyj4fEJm

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management).

Additional References

• Cisco Security Advisories Dashboard: https://sec.cloudapps.cisco.com/security/center/publicationListing.x