A patch is now available: Cisco has released software updates to address the flaw and is advising customers with service contracts entitled to regular updates to apply patches as they receive them.Customers without a service contract are advised to obtain the upgrades by contacting Cisco TAC. This includes customers who either purchase directly from Cisco but do not hold a service contract, or the ones who purchase from third-party vendors but did not obtain a fix from them.For others unable to update to a fixed version for various reasons, Cisco recommended practicing caution before implementing other mitigations. “Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment,” the company said. Customers were also advised to use Cisco Software Checker to determine their exposure to the vulnerability. Cisco said that its product security incident response team (PSIRT) isn’t yet aware of any active exploitation of the flaw, which was discovered during an internal security testing.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3982055/cisco-patches-max-severity-flaw-allowing-arbitrary-command-execution.html
