{"id":8602,"date":"2021-08-26T04:52:02","date_gmt":"2021-08-26T11:52:02","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8602"},"modified":"2023-03-03T14:31:23","modified_gmt":"2023-03-03T21:31:23","slug":"july-cisco-patches-31-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/july-cisco-patches-31-security-vulnerabilities\/","title":{"rendered":"July: Cisco Patches 31 Security Vulnerabilities"},"content":{"rendered":"<p dir=\"ltr\">Cisco had released security patches to address 31 unique vulnerabilities in July, majority of which have been assigned high severity ratings. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority.<\/p>\n<h2 dir=\"ltr\"><img decoding=\"async\" style=\"width: 800px; height: 513px;\" src=\"\/wp-content\/uploads\/2015\/11\/patch-watch-1-9.png\" alt=\"\" \/><\/h2>\n<h2 dir=\"ltr\"><strong>Weaponized Vulnerabilities<\/strong><\/h2>\n<p dir=\"ltr\">The 31 vulnerabilities that were patched in July include &#8211;<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">4 CVEs are classified as Remote Code Execution bugs<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs with Privilege Escalation capabilities<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">6 CVEs are linked to Information Disclosure<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">6 CVEs have Denial of Service capabilities<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">3 CVEs are of Command Injection<\/p>\n<\/li>\n<\/ul>\n<p>Two of these vulnerabilities have publicly-known exploits with information disclosure possibilities. The first priority would be to fix these two flaws.<\/p>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 338px;\" src=\"\/wp-content\/uploads\/2015\/11\/patch-watch-4-5.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\"><strong>Old Vulnerabilities<\/strong><\/h2>\n<p dir=\"ltr\">Cisco fixed 7 existing vulnerabilities in July, spanning the years from 2018 to 2020.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">2 CVEs have known exploits.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE is featured in CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">CVE-2020-3155 is categorized under <strong>CWE-295<\/strong> that leads to Improper Certificate Validation.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">3 CVEs are rated critical and 4 of medium severity.<\/p>\n<\/li>\n<\/ul>\n<h2 dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 504px;\" src=\"\/wp-content\/uploads\/2015\/11\/patch-watch-3-6.png\" alt=\"\" \/><\/h2>\n<h2 dir=\"ltr\"><strong>CISA Alert<\/strong><\/h2>\n<p dir=\"ltr\">Among these July Cisco patched vulnerabilities, <strong>CVE-2018-0155<\/strong> is the one red-flagged by CISA. This vulnerability has a CVSS V3 score of <strong>8.6<\/strong> (High) that leads to Improper Handling of Exceptional Conditions under <strong>CWE-755<\/strong>.<\/p>\n<p><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrDLPyR8quVoBLOm?backgroundColor=purple&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p dir=\"ltr\"><strong>Table: Cisco July Patches 2021<\/strong><\/p>\n<p>Interestingly, CISA had issued three alert advisories for the month of July urging all the Cisco customers to patch the security vulnerabilities in their multiple products.<\/p>\n<p dir=\"ltr\">Patching vulnerable systems is one of the simplest ways to reduce the possibilities of the vulnerabilities being exploited, and your systems being hacked.<\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><span style=\"font-size: 16px;\"><strong>Does your organization have a patch management program? <a href=\"https:\/\/cybersecurityworks.com\/get-quote.php\">Talk to CSW\u2019s Experts to prioritize the threats that need immediate attention!<\/a><\/strong><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco had released security patches to address 31 unique vulnerabilities in July, majority of which have been assigned high severity ratings. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority. Weaponized Vulnerabilities The 31 vulnerabilities that were patched in July include &#8211; 4 CVEs are classified as [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14437,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[293],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/patch_watch\/8602"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/14437"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=8602"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/patch_category?post=8602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}