- 45/2023
- Critical
Cisco has released security updates to fix multiple vulnerabilities across multiple products.
The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform cross-site scripting attacks, bypass security restrictions, execute arbitrary code, or cause a denial of service attack on the affected products.
Sample of the addressed vulnerabilities:
1- Cisco ClamAV Buffer Overflow (CVE-2023-20032):
• CVSS: 9.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Gain Access
2- Cisco Nexus Dashboard Denial of Service (CVE-2023-20014):
• CVSS: 7.5
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Denial of Service
Affected Products:
• Cisco Identity Services Engine.
• Cisco Email Security Appliance (ESA).
• Cisco Nexus Dashboard.
• Cisco AsyncOS for Secure Web Appliance.
• Cisco ClamAV.
• Cisco Secure Email and Web Manager.
Vulnerabilities
- CVE-2023-20057
- CVE-2023-20085
- CVE-2023-20053
- CVE-2023-20052
- CVE-2022-20952
- CVE-2023-20009
- CVE-2023-20075
- CVE-2023-20014
- CVE-2023-20032
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.