Three high-severity security update patches for Cisco appliances have been released, which affects Webex Teams for Windows (CVE-2020-3535), its Identity Services Engine (CVE-2020-3467), and Video Surveillance 8000 Series IP Cameras (CVE-2020-3544).
Allow the attacker to modify parts of the configuration using authenticated user. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network
Allow the attacker to execute arbitrary code on the targeted system using valid credentials from the authenticated user.
Allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.
Cisco Identity Services Engine (ISE) version 2.3, 2.4, 2.5, 2.6 and 2.7
Cisco Webex Teams for Windows releases 3.0.13464.0 through 3.0.16040.0.
Cisco Video Surveillance 8000 Series IP Cameras if they are running a firmware release earlier than Release 1.0.9-5 and have the Cisco Discovery Protocol enabled
Upgrade to an appropriate fixed software release as indicated below:
Update the Cisco Webex Teams Apps to the latest version.
For information about updating the client, see the Update the Cisco Webex Teams App to the Latest Release help article.
To download the firmware from the Software Center (https://software.cisco.com/download/home) on Cisco.com, do the following:
- Click Browse all.
- Choose Connected Safety and Security > Video Surveillance IP Cameras > Video Surveillance 8000 Series IP Cameras.
- Choose the appropriate IP camera model.
- Click Video Surveillance 8000 Series IP Camera Firmware.
- Choose a release from the left pane of the product page