Several Cisco Products May Be Impacted by Apache Struts 2 Vulnerabilities

According to two Cisco Security Advisories, multiple Cisco products incorporate a version of the Apache Struts package that is impacted by the vulnerabilities outlined in last week’s NJCCIC Cyber Alert and Weekly Bulletin. Several Cisco products are under investigation to determine whether or not, or to what extent, the Apache Struts vulnerabilities impact product users. However, until this is determined, there currently is no available patch or workaround for these Cisco products. The NJCCIC encourages users and administrators to review both Cisco’s September 7 and September 9 security advisories and use the recommended Snort SIDs to monitor for possible exploitation of these vulnerabilities.

AdvisoryNJCCICCisco, Apache