Multiple Vulnerabilities Found in Cisco Products, France’s CERT-FR Issues Advisory

France’s Computer Emergency Response Team (CERT-FR) has issued an advisory regarding multiple vulnerabilities discovered in Cisco products. The vulnerabilities could lead to remote code execution, data confidentiality breaches, and privilege escalation.

Affected Systems:

• Cisco ThousandEyes Enterprise Agent (versions prior to 0.218)
• Cisco Duo Device Health Application (Windows) (versions 5.0.0 and 5.1.0 prior to 5.2.0)
• Cisco Unified CM and Unified CM SME (versions 11.5(1) and 12.5(1) prior to 12.5(1)SU8)
• Cisco Secure Endpoint Connector (Linux) (versions prior to 1.22.0)
• Cisco Secure Endpoint Connector (MacOS) (versions prior to 1.22.0)
• Cisco Secure Endpoint Connector (Windows) (versions prior to 8.1.7.21585)
• Cisco Secure Endpoint Private Cloud (versions prior to 3.8.0)

Summary:

Several vulnerabilities have been identified in Cisco products, posing risks of remote code execution, data breach, and privilege escalation.

Solution:

Cisco has provided security patches for the affected products. Refer to the vendor’s security bulletin for detailed information and updates.

For more details, refer to the official advisory from CERT-FR: Link

https://www.cert.ssi.gouv.fr//avis/CERTFR-2023-AVI-0658/