Cisco Releases Security Updates for Multiple Products

06/16/2022 11:00 AM EDT

Original release date: June 16, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates for Multiple Products

06/14/2022 08:41 PM EDT

Original release date: June 14, 2022

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.  


Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134

06/03/2022 01:42 PM EDT

Original release date: June 3, 2022

Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability.

CISA strongly urges organizations to review Confluence Security Advisory 2022-06-02 and upgrade Confluence Server and Confluence Data Center.

Note: per BOD 22-01 Catalog of Known Exploited Vulnerabilities, federal agencies are required to immediately block all internet traffic to and from Atlassian’s Confluence Server and Data Center products AND either apply the software update to all affected instances OR remove the affected products by 5 pm ET on Monday, June 6, 2022.


Mozilla Releases Security Products for Multiple Firefox Products

05/23/2022 11:30 AM EDT

Original release date: May 23, 2022

Mozilla has released security updates to address vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. An attacker could exploit these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-19 and apply the necessary updates.


CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

05/18/2022 12:43 PM EDT

Original release date: May 18, 2022

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.

The CSA, AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, provides indicators of compromise and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to active exploitation of CVE-2022-22954 and CVE-2022-22960.  Malicious cyber actors were able to reverse engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022. 

ED 22-03 directs all Federal Civilian Executive Branch agencies to enumerate all instances of affected VMware products and either deploy updates provided in VMware Security Advisory VMSA-2022-0014, released May 18, 2022, or remove those instances from agency networks.

CISA strongly encourages all organizations to deploy updates provided in VMware Security Advisory VMSA-2022-0014 or remove those instances from networks. CISA also encourages organizations with affected VMware products that are accessible from the internet to assume compromise and initiate threat hunting activities using the detection methods provided in the CSA. If potential compromise is detected, administrators should apply the incident response recommendations included in the CSA.


Apple Releases Security Updates for Multiple Products

05/17/2022 12:00 PM EDT

Original release date: May 17, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Note: Apple notes they are aware of a report that states CVE-2022-22675 may have been actively exploited. CVE-2022-22675 affects watchOS, tvOS, and macOS Big Sur.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.


Adobe Releases Security Updates for Multiple Products

05/12/2022 11:16 AM EDT

Original release date: May 12, 2022

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. 

•    Character Animator APSB22-21 
•    ColdFusion APSB22-22 
•    InDesign APSB22-23 
•    Framemaker APSB22-27 
•    InCopy APSB22-28


Cisco Releases Security Updates for Multiple Products

04/27/2022 06:25 PM EDT

Original release date: April 27, 2022 | Last revised: April 28, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.


Cisco Releases Security Updates for Multiple Products

04/21/2022 06:28 AM EDT

Original release date: April 21, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:


Juniper Networks Releases Security Updates for Multiple Products

04/14/2022 12:00 PM EDT

Original release date: April 14, 2022

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.
