Security Update:CISCO released 2 High security advisories to address vulnerabilities in multiple products
Date and Time
CISCO released 2 High security advisories to address vulnerabilities in multiple products.
Advanced Users: For a complete description of the vulnerabilities visit:
- Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-inject
- Cisco StarOS IPv4 Fragmentation Denial of Service Vulnerability: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos
- The following Cisco products running a Multiplatform Firmware release prior to Release 11.2(1):
- IP Phone 6800 Series with Multiplatform Firmware
- IP Phone 7800 Series with Multiplatform Firmware
- IP Phone 8800 Series with Multiplatform Firmware
- The following Cisco products running any release of the StarOS operating system prior to the first fixed release:
- Cisco Virtualized Packet Core-Single Instance (VPC-SI)
- Cisco Virtualized Packet Core-Distributed Instance (VPC-DI)
- Cisco Ultra Packet Core (UPC)
WHAT’S THE PROBLEM?
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
WHAT DO I NEED TO DO?
Users and administrators are encouraged to review the above Cisco Security Advisory and apply the offered updates.
- IT SECURITY at https://it.ucsf.edu/security