France’s Computer Emergency Response Team (CERT-FR) has issued an advisory regarding multiple vulnerabilities discovered in Cisco products. The vulnerabilities could lead to remote code execution, data confidentiality breaches, and privilege escalation.
Affected Systems:
- Cisco ThousandEyes Enterprise Agent (versions prior to 0.218)
- Cisco Duo Device Health Application (Windows) (versions 5.0.0 and 5.1.0 prior to 5.2.0)
- Cisco Unified CM and Unified CM SME (versions 11.5(1) and 12.5(1) prior to 12.5(1)SU8)
- Cisco Secure Endpoint Connector (Linux) (versions prior to 1.22.0)
- Cisco Secure Endpoint Connector (MacOS) (versions prior to 1.22.0)
- Cisco Secure Endpoint Connector (Windows) (versions prior to 8.1.7.21585)
- Cisco Secure Endpoint Private Cloud (versions prior to 3.8.0)
Summary:
Several vulnerabilities have been identified in Cisco products, posing risks of remote code execution, data breach, and privilege escalation.
Solution:
Cisco has provided security patches for the affected products. Refer to the vendor’s security bulletin for detailed information and updates.
For more details, refer to the official advisory from CERT-FR: Link