By Torben B. Sørensen, 20/04/17
Network vendor Cisco has found the Apache Struts vulnerability in a number of products. Fixes have been released for most of them.
The vulnerability has been known since 6 March. It resides in the Jakarta Multipart parser, which is part of Apache Struts 2. As a result, a number of products that use Struts are affected.
Cisco has identified 21 products that use Struts and are therefore vulnerable.
The company has released fixes for most of them.
Cisco has also released a number of other security fixes. They primarily remove vulnerabilities that can take products out of service.
Recommendation
Review the list of vulnerable products and update the ones you use.
Links
- Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products
- Cisco Unified Communications Manager Denial of Service Vulnerability
- Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability
- Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities
- Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability
- Cisco ASA Software SSL/TLS Denial of Service Vulnerability
- Cisco ASA Software IPsec Denial of Service Vulnerability
- Cisco ASA Software DNS Denial of Service Vulnerability
- Cisco Prime Network Registrar DNS Denial of Service Vulnerability
- Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
- Cisco FindIT Network Probe Information Disclosure Vulnerability
- Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability
- Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability
- Cisco Integrated Management Controller User Session Hijacking Vulnerability
- Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
- Cisco Integrated Management Controller Command Execution Vulnerability
- Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability
- Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability