- 82/2023
- High
Cisco has released security updates to address several vulnerabilities affecting multiple products.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands, gain access, bypass security restrictions, obtain information, cause a denial of service, or trigger a cross-site scripting attack on the affected products.
Sample of the addressed vulnerabilities:
1. Cisco Secure Network Analytics Code Execution (CVE-2023-20102):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Execution (CVE-2023-20128):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Sample of the affected products:
- Secure Network Analytics Virtual Manager.
- Stealthwatch Management Console 2200.
- Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers.
- Cisco Identity Services Engine (ISE).
- Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC).
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.