Cisco released new security update with the patches for several vulnerabilities that affected various Cisco products including Cisco Web Security Appliance, Cisco IP phone, Fabric switches, Email Security Appliances and more.
Totality 19 vulnerabilities are fixed, in which 10 vulnerabilities are categorized under high severity, 8 fixed under Medium severity, 1 fixed under informational.
A vulnerability ( CVE-2019-1894 ) affected Cisco Enterprise NFV Infrastructure Software allows a remote attacker who has admin level permission will overwrite or read arbitrary files on vulnerable devices.
Another high severity vulnerability (CVE-2019-1892 ) resides in the Secure Sockets Layer (SSL) input packet processor let a remote attacker cause memory corruption on Cisco Small Business 200, 300, and 500 Series Managed Switches.
Vulnerability ( CVE-2019-1884 ) in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an authenticated, remote attacker to cause a denial of service (DoS).
Privilege Escalation Vulnerability (CVE-2019-1889 ) resides in the Cisco Application Policy Infrastructure Controller REST API allows remote attackers to escalate the privilege to gain root access from the affected device.
Cisco Security Update List
Cisco advised affected customers to apply these patches immediately to keep the network and application safe and secure from cyber attack.
Cisco has released updates to address this vulnerability; you can find the advisory here.