Cisco pushed out several high and medium-rated security patches covering a number of the company’s products.
There are six high-rated and 11 medium-rated patches covered in the update.
The high-rated problems include a vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system; in the Identity Services Engine integration feature of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer tunnel established between ISE and PI and a vulnerability in the Quality of Voice Reporting service of Cisco Prime Collaboration Assurance Software could allow an unauthenticated, remote attacker to access the system as a valid user.
Some of the medium-rated issues included a problem Cisco Webex Meetings Online could allow an unauthenticated, remote attacker to inject arbitrary text into a user’s browser; a flaw in the web-based user interface of Cisco Internet of Things Field Network Director Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system and a problem in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the web-based management interface of an affected system.