HashiCorp Consul/Consul Enterprise up to 1.8.14/1.9.8/1.10.1 Raft RPC Layer Privilege Escalation
A vulnerability, which was classified as critical, has been found in HashiCorp Consul and Consul Enterprise up to 1.8.14/1.9.8/1.10.1. This
A vulnerability, which was classified as critical, has been found in HashiCorp Consul and Consul Enterprise up to 1.8.14/1.9.8/1.10.1. This
A vulnerability was found in HashiCorp Consul and Consul Enterprise up to 1.8.14/1.9.8/1.10.1 and classified as critical. Affected by this
A vulnerability was found in Hashicorp Consul and Consul Enterprise up to 1.10.0 and classified as critical. Affected by this
A vulnerability has been found in Hashicorp Consul and Consul Enterprise up to 1.10.0 and classified as problematic. Affected by
Overview : HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 Information Disclosure and DDoS Vulnerabilities Affected Product(s) : This vulnerability
[vc_row][vc_column width=”1/2″][st_heading title=”LATEST TECHNOLOGY FOR BETTER SECURITY”][/st_heading][vc_column_text]Technical Expertise in most of the IT Development scenarios. Right Hardware, Best Solution for
Prophaze vs Radware A Comprehensive Comparison At Prophaze, we understand the critical importance of safeguarding your digital assets from evolving
Prophaze vs F5 A Comprehensive Comparison At Prophaze, we understand the critical importance of safeguarding your digital assets from evolving
Prophaze vs Akamai A Comprehensive Comparison At Prophaze, we understand the critical importance of safeguarding your digital assets from evolving
Prophaze vs Imperva A Comprehensive Comparison At Prophaze, we understand the critical importance of safeguarding your digital assets from evolving
Prophaze vs Azure A Comprehensive Comparison At Prophaze, we understand the critical importance of safeguarding your digital assets from evolving
Prophaze vs AWS A Comprehensive Comparison At Prophaze, we understand the critical importance of safeguarding your digital assets from evolving
Prophaze vs Cloud Armor A Comprehensive Comparison At Prophaze, we understand the critical importance of safeguarding your digital assets from
Prophaze vs Cloudflare A Comprehensive Comparison At Prophaze, we understand the critical importance of safeguarding your digital assets from evolving
Prophaze Behavioral based ML module for Edtech Prophaze’s Behavioral-Based ML Module enhances EdTech security with advanced bot protection and seamless scalability
Zero-Configuration Web Application and API Protection for Kubernetes Zero-Configuration Web Application and API Protection (WAAP), DDoS protection and Bot Mitigation
Description This Security Alert addresses vulnerability CVE-2022-21500, which affects some deployments of Oracle E-Business Suite. This vulnerability is remotely exploitable
Cyber-Security Challenges in Aviation Industry Distributed Denial-of-Service (DDoS) and DoS attacks on network assets at the airport, most notably, Vulnerability
What is the business transformation that is prompting your technology transformation? Cloud is a transformative piece of technology that can
Prophaze WAF | Protection WAF Pricing Prophaze WAF is a Native Cloud Web Application Firewall that intelligently tracks down the
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Fixed Releases
At the time of publication, Cisco Webex Player releases 41.5 and later contained the fix for this vulnerability. Releases are available from the Cisco Webex Video Recording page or from corresponding Cisco Webex Meetings sites.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases. The center column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. The right column indicates whether a release is affected by any of the vulnerabilities described in this bundle and which release includes fixes for those vulnerabilities.
FTD Software
Cisco FTD Software Release
First Fixed Release for This Vulnerability
Recommended Fixed Release for All Vulnerabilities Described in the Bundle of Advisories
Earlier than 6.2.21
Not vulnerable.
Migrate to a fixed release.
6.2.2
Not vulnerable.
Migrate to a fixed release.
6.2.3
Not vulnerable.
Migrate to a fixed release.
6.3.0
Migrate to a fixed release.
Migrate to a fixed release.
6.4.0
Not vulnerable.
6.4.0.12 (May 2021)
6.5.0
Not vulnerable.
Migrate to a fixed release.
6.6.0
Not vulnerable.
6.6.42
6.7.0
Not vulnerable.
6.7.0.2
1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as releases 6.2.0 and 6.2.1, have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.
2. The First Fixed Release for the 6.6.0 code train was 6.6.3; however, due to upgrade issues associated with CSCvx86231 the recommended release is 6.6.4.
To upgrade to a fixed release of Cisco FTD Software, customers can do one of the following:
For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade. After installation is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager (FDM), use the FDM interface to install the upgrade. After installation is complete, reapply the access control policy.
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release as indicated in the following table(s):
Cisco SD-WAN Software Release
First Fixed Release
18.4 and earlier
Not vulnerable
19.2
Not vulnerable
20.1
Not vulnerable
20.3
Not vulnerable
20.4
20.4.2
20.5
20.5.1
Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Fixed Releases
In the following table(s), the left column lists Cisco software releases. The right column indicates whether a release is affected by the vulnerabilities described in this advisory and the first release that includes the fix for these vulnerabilities. Customers are advised to upgrade to an appropriate fixed software release as indicated in this section.
Cisco StarOS Release
First Fixed Release
Earlier than 21.16
Migrate to 21.16.9
21.16
21.16.9
21.17
21.17.10
21.18
21.18.16
21.19
26.19.11
21.19.n
21.19.n7
21.20
21.20.8
21.21 and later
Not vulnerable