Cisco patches critical vulnerabilities

Cisco released four critical security advisories on Wednesday for multiple Cisco products. 

One of the critical updates is for the Apache Struts Commons FileUpload library remote code execution vulnerability (CVE-2016-1000031). Cisco is investigating to see whether any of their products are vulnerable to this bug, but so far has not found any impacted products. 

Earlier this week, the Apache Software Foundation released a security update recommending the upgrade of Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. 

Another critical vulnerability impacts Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise. This authentication bypass vulnerability (CVE-2018-15394) is caused by an insecure system configuration and could allow an attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.

The two other critical updates include a Cisco Small Business Switches privileged access vulnerability (CVE-2018-15439) and a Cisco Unity Express (CUE) arbitrary command execution vulnerability (CVE-2018-15381). Each carries a CVSS base score of 9.8 (10 being the highest severity).