Cisco security advisory on Apache Struts vulnerability

Cisco has updated the list of Cisco products under investigation, vulnerable and confirmed not vulnerable to the latest Apache Struts 2 vulnerability (CVE-2018-11776).

The vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

Cisco mentioned some of their vulnerable products “contain an affected Struts library, but due to how the library is used within the product, these products are not vulnerable to any of the exploitation vectors known to Cisco at the time of publication.”

A patch file was made available on Friday for their Cisco Identity Services Engine (ISE). Quite a few Cisco products were found not vulnerable as described in the security advisory update on Friday.