Cisco Addresses Apache Struts 2 Vulnerability

Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system.

Cisco products affected by this vulnerability include:

  • Cisco Business Edition 3000 Series
  • Cisco Identity Services Engine (ISE)
  • Cisco Media Experience Engine (MXE) 3500 Series
  • Cisco Unified Contact Center Enterprise (Cisco Unified CCE)

US-CERT encourages users and administrators to review the Cisco Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No