Cisco fixes a host of security holes, including latest Apache Struts flaw
2018-09-06 20:21

Cisco has plugged a heap of security holes – three of which are critical – in a variety of its products.

The critical flaws

The flaws deemed critical are:

A DoS and RCE vulnerability (CVE-2018-0423) in the web-based management interface of three series of Cisco wireless VPN routers: RV110W, RV130W, and RV215W. Unfortunately, it has only been fixed in the RV130W series.

An Apache Struts RCE vulnerability (CVE-2018-11776) that affects twenty different Cisco products.

This …

The post Cisco fixes a host of security holes, including latest Apache Struts flaw appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/8uXc02wWns8/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-0423 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware | critical 9.3 |
| 2018-08-22 | CVE-2018-11776 | Improper Input Validation vulnerability in Apache Struts | 8.1 |

CVE-2018-0423 (network; cisco; CWE-119): A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code.

CVE-2018-11776 (network; high complexity; apache; CWE-20): Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and results are used with no namespace while, at the same time, their upper package has no namespace or a wildcard namespace. The same possibility exists when using a url tag that has no value and action set while, at the same time, its upper package has no namespace or a wildcard namespace.

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Cisco | 4442 | 231 | 3052 | 1816 | 604 | 5703 |
| Apache | 295 | 58 | 834 | 627 | 289 | 1808 |