Highlights and Updates

Cisco Releases Security Updates

Thursday, 23rd January 2020

Cisco has released updatesto address vulnerabilities affecting multiple products. A remote attacker couldexploit some of these vulnerabilities to take control of an affected system.For updates addressing lower severity vulnerabilities, see the Cisco SecurityAdvisories page.

We encourage users and administrators toreview the following Cisco advisories and apply the necessary updates:

·        FirepowerManagement Center Lightweight Directory Access Protocol Authentication BypassVulnerability cisco-sa-20200122-fmc-auth

·        TelePresenceCollaboration Endpoint, TelePresence Codec, and RoomOS Software Path TraversalVulnerability cisco-sa-telepresence-path-tr-wdrnYEZZ

·        IOS XE SD-WANSoftware Default Credentials Vulnerability cisco-sa-sd-wan-cred-EVGSF259

·        SD-WAN SolutionLocal Privilege Escalation Vulnerability cisco-sa-20200122-sdwan-priv-esc

·        Smart SoftwareManager On-Prem Web Interface Denial of Service Vulnerabilitycisco-sa-20200122-on-prem-dos

·        IOS XR SoftwareEVPN Operational Routes Denial of Service Vulnerabilitycisco-sa-20200122-ios-xr-routes

·        IOS XR SoftwareBGP EVPN Denial of Service Vulnerabilities cisco-sa-20200122-ios-xr-evpn

·        IOS XR SoftwareIntermediate System–to–Intermediate System Denial of Service Vulnerabilitycisco-sa-20200122-ios-xr-dos