Cisco posted an updated security advisory for products impacted by the Apache Struts Remote Code Execution Vulnerability (CVE-2018-11776). Cisco also released a software update that fixes a critical Cisco Umbrella API vulnerability.
Several patches will be made available this month for the following products (with planned release dates): Cisco Finesse and Cisco Unified Contact Center Enterprise – Live Data server (Sept 7), Cisco SocialMiner (Sept 11), and Cisco Video Distribution Suite for Internet Streaming (Sept 15).
Cisco fixes critical vulnerability in Umbrella
Cisco released a software update that fixes a critical Cisco Umbrella API Unauthorized Access Vulnerability (CVE-2018-0435).
Umbrella is a cloud security platform used to block users from visiting malicious destinations, wherever they go. It includes DNS and IP layer enforcement, proxy, and command-and-control callback blocking.
“The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations,” Cisco said in the advisory.
The Umbrella bug has a CVSS base score of 9.1.