Cisco Releases Security Updates for Multiple Products - 20240517002

Overview

Cisco has released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

What is vulnerable?

• Cisco Crosswork Network Services Orchestrator
• Cisco Crosswork Network Services Orchestrator Privilege Escalation
• ConfD CLI Privilege Escalation and Arbitrary File Read and Write
• Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation
• Cisco Crosswork Network Services Orchestrator Open Redirect
• Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting
• Cisco Secure Email Gateway HTTP Response Splitting
• Cisco AppDynamics Network Visibility Service Denial of Service

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• Refer to the 'Fixed Software' section of each advisory for product specific Cisco software fixes:

  • Cisco Crosswork Network Services Orchestrator
  • Cisco Crosswork Network Services Orchestrator Privilege Escalation
  • ConfD CLI Privilege Escalation and Arbitrary File Read and Write
  • Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation
  • Cisco Crosswork Network Services Orchestrator Open Redirect
  • Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting
  • Cisco Secure Email Gateway HTTP Response Splitting
  • Cisco AppDynamics Network Visibility Service Denial of Service

Additional References

• Security Advisories (cisco.com)
• Cisco Releases Security Updates for Multiple Products | CISA