Cisco had released security patches to address 31 unique vulnerabilities in July, majority of which have been assigned high severity ratings. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority.
Weaponized Vulnerabilities
The 31 vulnerabilities that were patched in July include –
-
4 CVEs are classified as Remote Code Execution bugs
-
5 CVEs with Privilege Escalation capabilities
-
6 CVEs are linked to Information Disclosure
-
6 CVEs have Denial of Service capabilities
-
3 CVEs are of Command Injection
Two of these vulnerabilities have publicly-known exploits with information disclosure possibilities. The first priority would be to fix these two flaws.
Old Vulnerabilities
Cisco fixed 7 existing vulnerabilities in July, spanning the years from 2018 to 2020.
-
2 CVEs have known exploits.
-
1 CVE is featured in CISA.
-
CVE-2020-3155 is categorized under CWE-295 that leads to Improper Certificate Validation.
-
3 CVEs are rated critical and 4 of medium severity.
CISA Alert
Among these July Cisco patched vulnerabilities, CVE-2018-0155 is the one red-flagged by CISA. This vulnerability has a CVSS V3 score of 8.6 (High) that leads to Improper Handling of Exceptional Conditions under CWE-755.
Table: Cisco July Patches 2021
Interestingly, CISA had issued three alert advisories for the month of July urging all the Cisco customers to patch the security vulnerabilities in their multiple products.
Patching vulnerable systems is one of the simplest ways to reduce the possibilities of the vulnerabilities being exploited, and your systems being hacked.
Does your organization have a patch management program? Talk to CSWโs Experts to prioritize the threats that need immediate attention!