{"id":8602,"date":"2021-08-26T04:52:02","date_gmt":"2021-08-26T11:52:02","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8602"},"modified":"2023-03-03T14:31:23","modified_gmt":"2023-03-03T21:31:23","slug":"july-cisco-patches-31-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/july-cisco-patches-31-security-vulnerabilities\/","title":{"rendered":"July: Cisco Patches 31 Security Vulnerabilities"},"content":{"rendered":"
Cisco had released security patches to address 31 unique vulnerabilities in July, majority of which have been assigned high severity ratings. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority.<\/p>\n
The 31 vulnerabilities that were patched in July include –<\/p>\n
4 CVEs are classified as Remote Code Execution bugs<\/p>\n<\/li>\n
5 CVEs with Privilege Escalation capabilities<\/p>\n<\/li>\n
6 CVEs are linked to Information Disclosure<\/p>\n<\/li>\n
6 CVEs have Denial of Service capabilities<\/p>\n<\/li>\n
3 CVEs are of Command Injection<\/p>\n<\/li>\n<\/ul>\n
Two of these vulnerabilities have publicly-known exploits with information disclosure possibilities. The first priority would be to fix these two flaws.<\/p>\n
<\/p>\n
Cisco fixed 7 existing vulnerabilities in July, spanning the years from 2018 to 2020.<\/p>\n
2 CVEs have known exploits.<\/p>\n<\/li>\n
1 CVE is featured in CISA.<\/p>\n<\/li>\n
CVE-2020-3155 is categorized under CWE-295<\/strong> that leads to Improper Certificate Validation.<\/p>\n<\/li>\n 3 CVEs are rated critical and 4 of medium severity.<\/p>\n<\/li>\n<\/ul>\n Among these July Cisco patched vulnerabilities, CVE-2018-0155<\/strong> is the one red-flagged by CISA. This vulnerability has a CVSS V3 score of 8.6<\/strong> (High) that leads to Improper Handling of Exceptional Conditions under CWE-755<\/strong>.<\/p>\n<\/h2>\n
CISA Alert<\/strong><\/h2>\n