The network services giant, CISCO, has accidentally outed an exploit within its communications platforms and products. The so-called Dirty Cow flaw within Linux varieties creates an Apache vulnerability that impacts on Cisco TelePresence Video Communications services.
CISCO has announced: “On November 5, 2018, the Apache Struts Team released a security announcement urging an upgrade of the Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. Systems using earlier versions of this library may be exposed to attacks that could allow execution of arbitrary code or modifications of files on the system. The issue is caused by a previously reported vulnerability of the Apache Commons FileUpload library, assigned to CVE-2016-1000031.
The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by submitting crafted data to an affected system. A successful exploit could allow the attacker to execute arbitrary code or manipulate files on the targeted system. This advisory will be updated as additional information becomes available.”
The company, therefore, promotes the download of new validation vulnerability patches and fixes. The move, as stated above, affects a range of Cisco products.