Cisco Product Alert: Cisco Finds 4 High-Severity Flaws And 15 Others
By: Jim Stickley and Tina Davis
August 13, 2021
Those organizations using Cisco products should be on high alert over four high-severity flaws recently discovered, with some found during internal testing by the company. It’s time for IT departments and those responsible for securing their business data systems to update a range of recently announced flaws by Cisco. The company provides details of the specific products and the vulnerabilities these flaws create. Below are the four highest-severity flaws needing to be updated.
Flaws by Severity Rating
8.6 out of 10 severity rating. Bug tracker ID: CVE-2020-3363
This high-severity flaw involves the processing engine of Cisco’s Small Business Smart and Managed Switches. This vulnerability could allow remote attackers with no credentials to launch a denial of service on affected devices. Cisco says that only four of the involved switches have updates. The others are past their end-of-software-maintenance lifespan and should be replaced with newer versions.
8.6 out of 10 severity rating. Bug tracker ID: CVE-2020-3324
This high-severity flaw involves Cisco StarOS, allows non-credentialed remote attackers to launch a denial of service on affected routers.
7.8 out of 10 severity rating. Bug tracker ID: CVE-2020-3433
This high-severity flaw involves AnyConnect VPN mobility client for Windows. It allows authenticated, local attackers to hijack a dynamic link library (DLL). Attackers can get System privileges allowing them to execute arbitrary code on a device.
7.5 out of 10 severity rating. Bug tracker ID: CVE-2020-3411
Some versions of Cisco’s DNA Center network automation software are vulnerable. These versions allow remote attack access to sensitive data that includes configuration files.
Follow Up with Cisco Website
Updating security flaws should be done as quickly as possible since the flaws can be abused at any time until fixed. Should your business be using a Cisco product that’s no longer supported, it’s time to update to one that is. Cisco also has 15 medium-severity flaws listed on their Cisco Security Advisories webpage. All users should visit the Advisory page for more details and product security updates.