Cisco Releases Security Updates for Multiple Products

Scheduled updates for multiple Cisco products, including two critical updates

Threat ID:: CC-3970
Threat Severity:: Information only
Published:: 5 November 2021 2:00 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for multiple Cisco products, including two critical updates

Affected platforms

The following platforms are known to be affected:

Cisco Policy Suite

Cisco Catalyst PON Series Switches

Versions: AsyncOS software for Email Security Appliance (ESA)

Cisco AsyncOS for Email Security Appliance (ESA)

The following platforms are also known to be affected:

250 Series Smart Switches
350 Series Managed Switches
350X Series Stackable Managed Switches
550X Series Stackable Managed Switches
Business 250 Series Smart Switches
Business 350 Series Managed Switches
ESW2 Series Advanced Switches
Small Business 200 Series Smart Switches
Small Business 300 Series Managed Switches
Small Business 500 Series Stackable Managed Switches

Threat details

Introduction

Cisco has released security updates to address vulnerabilities in multiple products, including a critical update for Cisco Policy Suite, a critical update for Catalyst PON Switches, and two others updates rated as High. There have been End-of-Life notices for Cisco Policy Suite for BNG and Cisco Policy Suite for Wi-Fi, but Cisco Policy Suite for Mobile is a current product. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories and apply the necessary updates or workarounds.

Remediation steps

Type	Step
Patch	Cisco Policy Suite Static SSH Keys Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv
Patch	Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr
Patch	Cisco Email Security Appliance Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO
Patch	Cisco Small Business Series Switches Session Credentials Replay Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5

Last edited: 5 November 2021 2:36 pm