Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Cisco Cloud Services Platform 2100 Command Injection Vulnerability cisco-sa-20160921-csp2100-1
- Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability cisco-sa-20160921-csp2100-2
- Cisco IOS and IOS XE IOX Command Injection Vulnerability cisco-sa-20160921-iox
- Cisco Firepower Management Center and FireSIGHT System Software SSL Inspection Bypass Vulnerability cisco-sa-20160921-fmc
- Cisco IOS and IOS XE Software Data in Motion Component Denial of Service Vulnerability cisco-sa-20160921-dmo
- Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability cisco-sa-20160921-cph
- Cisco Application-Hosting Framework HTTP Header Injection Vulnerability cisco-sa-20160921-caf1
- Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vulnerability cisco-sa-20160921-apic
- Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability cisco-sa-20151125-ci