Cisco has fixed a High risk Cisco IOS XE SD-WAN Software command injection vulnerability that could allow a hacker to execute code with root privileges. The tech giant also released security updates for Analog Telephone Adapter and Web Security Appliance vulnerabilities.
Cisco has fixed five High risk Cisco IOS XR Software vulnerabilities in multiple network products, as well as a security update for OpenSSL vulnerabilities.
Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.
Cisco has released a security update for a Critical UPnP vulnerability CVE-2021-34730 in Small Business router models, as well as multiple vulnerabilities in other Cisco products.
Cisco issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability CVE-2020-3580. Proof of concept (PoC) exploit code has also been released to the public.
Cisco has patched multiple vulnerabilities in Cisco SD-WAN, Small Business routers, Unified Communications Products and Advanced Malware Protection. Two of those vulnerabilities (CVE-2021-1479, CVE-2021-1459) are rated Critical.
Cisco has patched a Cisco AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366). An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.
Cisco has patched multiple remote code execution vulnerabilities in Small Business router models RV160, RV160W, RV260, RV260P and RV260W VPN Routers.
Cisco has patched eight Critical vulnerabilities in SD-WAN products, as well as fixes for multiple other network products.
Cisco has patched multiple vulnerabilities in Small Business routers, Cisco Connected Mobile Experiences (CMX) and AnyConnect products.