Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system.
Cisco products affected by this vulnerability include:
- Cisco Business Edition 3000 Series
- Cisco Identity Services Engine (ISE)
- Cisco Media Experience Engine (MXE) 3500 Series
- Cisco Unified Contact Center Enterprise (Cisco Unified CCE)
US-CERT encourages users and administrators to review the Cisco Advisory and apply the necessary updates.