CSW Discovers its 50th Zero Day!

July: Cisco Patches 31 Security Vulnerabilities

Posted on Aug 26, 2021 | By Pavithra Shankar

Cisco had released security patches to address 31 unique vulnerabilities in July, majority of which have been assigned high severity ratings. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed on priority.

Weaponized Vulnerabilities

The 31 vulnerabilities that were patched in July include -

  • 4 CVEs are classified as Remote Code Execution bugs

  • 5 CVEs with Privilege Escalation capabilities

  • 6 CVEs are linked to Information Disclosure

  • 6 CVEs have Denial of Service capabilities

  • 3 CVEs are of Command Injection

Two of these vulnerabilities have publicly-known exploits with information disclosure possibilities. The first priority would be to fix these two flaws.

Old Vulnerabilities

Cisco fixed 7 existing vulnerabilities in July, spanning the years from 2018 to 2020. 

  • 2 CVEs have known exploits.

  • 1 CVE is featured in CISA.

  • CVE-2020-3155 is categorized under CWE-295 that leads to Improper Certificate Validation.

  • 3 CVEs are rated critical and 4 of medium severity.

CISA Alert

Among these July Cisco patched vulnerabilities, CVE-2018-0155 is the one red-flagged by CISA. This vulnerability has a CVSS V3 score of 8.6 (High) that leads to Improper Handling of Exceptional Conditions under CWE-755.

Table: Cisco July Patches 2021

Interestingly, CISA had issued three alert advisories for the month of July urging all the Cisco customers to patch the security vulnerabilities in their multiple products.

Patching vulnerable systems is one of the simplest ways to reduce the possibilities of the vulnerabilities being exploited, and your systems being hacked.

Does your organization have a patch management program? Talk to CSW’s Experts to prioritize the threats that need immediate attention!

Test your defense to know how secure you are…