Cisco has delivered a bundle of 17 security updates to address 18-CVE-listed vulnerabilities in its networking and communications gear.
Switchzilla has classified 10 of the fixed bugs as high security issues, with exploits leading to everything from command and code execution to denial of service- a particularly serious problem for networking gear. There are no critical vulnerabilities to fix this time around, so breath easier US admins who may be off for the Traitor's Day Brexit 1776 Independence Day weekend.
Cisco's Small Business switches were patched for two high-rated flaws, one allowing for denial of service from HTTP requests and another and the second a memory corruption flaw from the handling of SSL certificates.
The medium level of fixes includes a patch for two CVE-listed vulnerabilities in the Firepower Management Center, both potentially allowing for cross-site scripting bugs and a denial of service error in the IOS XR border gateway protocol.
Cisco's IP phone- both the 7800 and 8800 series, were found to contain a denial of service flaw that would let an attacker prevent the phones from registering by sending them malformed SIP payloads, and the email security appliance was patched for a pair of filter bypass vulnerabilities.
Admins would be well advised to set aside time to check and install any needed Cisco packages before Tuesday, when Microsoft, SAP, and Adobe are all scheduled to drop their own monthly updates for July. ®