Security News > 2018 > September > Cisco fixes a host of security holes, including latest Apache Struts flaw

Cisco fixes a host of security holes, including latest Apache Struts flaw
2018-09-06 20:21

Cisco has plugged a heap of security holes – three of which are critical – in a variety of its products. The critical flaws The flaws deemed critical are: A DoS and RCE vulnerability (CVE-2018-0423) in the web-based management interface of three series of Cisco wireless VPN routers: RV110W, RV130W, and RV215W. Unfortunately, it has only been fixed in the RV130W series. An Apache Struts RCE vulnerability (CVE-2018-11776) that affects twenty different Cisco products. This … More → The post Cisco fixes a host of security holes, including latest Apache Struts flaw appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/8uXc02wWns8/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-10-05 CVE-2018-0423 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code.
network
cisco CWE-119
critical
 9.3
9.3
2018-08-22 CVE-2018-11776 Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
network
high complexity
apache netapp oracle
8.1
8.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4427 230 3112 1861 609 5812
Apache 305 59 859 659 313 1890