- 53/2023
- High
Cisco has released security updates to address vulnerabilities affecting multiple products.
The addressed vulnerabilities could allow the attacker to gain access, obtain information, or cause a denial of service attack on the affected systems.
Sample of the addressed vulnerabilities:
Cisco APIC and Cisco Cloud Network Controller CSRF (CVE-2023-20011):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
Sample of the affected products:
• Secure Endpoint, formerly Advanced Malware Protection (AMP).
• Cisco APIC.
• Cisco Cloud Network Controller.
• Cisco Nexus 9000 Series Fabric Switches.
• Firepower 4100 Series.
Vulnerabilities
- CVE-2023-20032
- CVE-2023-20011
- CVE-2023-20089
- CVE-2023-20016
- CVE-2023-20050
- CVE-2023-20015
- CVE-2023-20012
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.