It's been two weeks since the disclosure of a critical vulnerability dubbed Spring4Shell, which could cause severe damage to tons of applications. The vulnerability is tracked as CVE-2022-22965, with a CVSS score of 9.8 and a Critical severity rating. Considering its severity and impact, it is important to fix the flaw as soon as you can. Network appliance giant Cisco has been validating its products since the vulnerability was disclosed, and it has now published a list showing which products are vulnerable and which are not. In this post, let's look at the list of Cisco products affected by the Spring4Shell vulnerability.
Please note that this is not a final list. A few products are still under review, and the list will continue to be updated as new information becomes available. Cisco strongly advises customers to update their devices to a fixed software release as soon as possible in order to protect against this and other threats. Please see the Cisco Security Advisories and Notices page for more information on fixing this issue.
Cisco has released a list of products that are affected by the Spring4Shell vulnerability. The complete list is available here:
Note: This list could be updated as the investigation progresses.
Product | Cisco Bug ID | Fixed Release Availability |
---|---|---|
**Endpoint Clients and Client Software** | | |
Cisco CX Cloud Agent Software | CSCwb41735 | 2.1.0 (20 Apr 2022) |
**Network Management and Provisioning** | | |
Cisco Automated Subsea Tuning | CSCwb43658 | |
Cisco Crosswork Data Gateway | CSCwb43707 | |
Cisco Crosswork Network Controller | CSCwb43703 | 3.0.2 (29 Apr 2022); 2.0.2 (29 Apr 2022) |
Cisco Crosswork Optimization Engine | CSCwb43709 | 3.1.1 (1 May 2022); 2.1.1 (1 May 2022) |
Cisco Crosswork Zero Touch Provisioning (ZTP) | CSCwb43706 | 3.0.2 (29 Apr 2022); 2.0.2 (20 Apr 2022) |
Cisco Evolved Programmable Network Manager | CSCwb43643 | 6.0.1.1 (29 Apr 2022); 5.1.4.1 (29 Apr 2022); 5.0.2.3 (29 Apr 2022) |
Cisco Managed Services Accelerator (MSX) | CSCwb43667 | |
Cisco Optical Network Planner | CSCwb43691 | |
Cisco WAN Automation Engine (WAE) Live | CSCwb43708 | 7.5.2.1 (19 Apr 2022); 7.4.0.2 (25 Apr 2022); 7.3.0.3 (29 Apr 2022) |
Cisco WAN Automation Engine (WAE) | CSCwb43708 | 7.5.2.1 (19 Apr 2022); 7.4.0.2 (25 Apr 2022); 7.3.0.3 (29 Apr 2022) |
Data Center Network Manager (DCNM) | CSCwb43637 | 12.1.1 (30 Jun 2022) |
Nexus Dashboard Fabric Controller (NDFC) | CSCwb43637 | 12.1.1 (30 Jun 2022) |
**Routing and Switching – Enterprise and Service Provider** | | |
Cisco DNA Center | CSCwb43648 | |
Cisco Optical Network Controller | CSCwb43692 | 2.0 (31 May 2022) |
Cisco Software-Defined AVC (SD-AVC) | CSCwb43727 | |
**Voice and Unified Communications Devices** | | |
Cisco Enterprise Chat and Email | CSCwb45202 | 12.0 (30 May 2022); 12.5 (30 May 2022); 12.6 ES2 (15 May 2022) |
**Video, Streaming, TelePresence, and Transcoding Devices** | | |
Cisco Meeting Server | CSCwb43662 | |
Below is the list of products that were still under investigation at the time of publishing this post.
Cisco Connected Pharma
Cisco Extensible Network Controller (XNC)
Cisco Network Change and Configuration Management
Cisco Nexus Dashboard Data Broker, formerly Cisco Nexus Data Broker
Cisco Nexus Dashboard, formerly Cisco Application Services Engine
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)
Cisco Network Convergence System 2000 Series
Cisco ONS 15454 Series Multiservice Provisioning Platforms
Cisco Ultra Cloud Core – Session Management Function
Cisco IoT Control Center
Cisco Umbrella
Below is the list of products that were considered not vulnerable to the Spring4Shell vulnerability at the time of publishing this post. Cisco says, “Any product not listed in the Products Under Investigation or Vulnerable Products section of this advisory is to be considered not vulnerable.” The vendor also states that, since the review process had not concluded at this point in time, products currently considered not vulnerable may subsequently be considered vulnerable in later stages. Please visit the advisory page for up-to-date information.
Cisco Continuous Deployment and Automation Framework
Cisco Prime Cable Provisioning
Cisco SocialMiner
Cisco Webex Meetings Server
Cisco Wide Area Application Services (WAAS)
Cisco Adaptive Security Appliance (ASA) Software
Cisco Firepower Device Manager (FDM)
Cisco Firepower Management Center (FMC)
Cisco Firepower System Software
Cisco Identity Services Engine (ISE)
Cisco Secure Email Gateway, formerly Email Security Appliance (ESA)
Cisco Secure Email and Web Manager, formerly Cisco Content Security Management Appliance (SMA)
Cisco Secure Network Analytics, formerly Cisco Stealthwatch
Cisco Security Manager
Cisco Business Process Automation
Cisco CloudCenter Action Orchestrator
Cisco CloudCenter Cost Optimizer
Cisco CloudCenter Suite Admin
Cisco CloudCenter Workload Manager
Cisco CloudCenter
Cisco Collaboration Audit and Assessments
Cisco Common Services Platform Collector (CSPC)
Cisco Connected Mobile Experiences
Cisco Crosswork Change Automation
Cisco Crosswork Network Automation
Cisco Crosswork Situation Manager
Cisco DNA Assurance
Cisco Elastic Services Controller (ESC)
Cisco Intelligent Node (iNode) Manager
Cisco IoT Field Network Director, formerly Cisco Connected Grid Network Management System
Cisco NCS 2000 Shelf Virtualization Orchestrator (SVO)
Cisco Network Insights for Data Center
Cisco Nexus Dashboard
Cisco Nexus Insights
Cisco Policy Suite for Mobile
Cisco Policy Suite
Cisco Prime Performance Manager
Cisco Smart PHY
Cisco ThousandEyes Endpoint Agent
Cisco ThousandEyes Enterprise Agent
Cisco Virtual Topology System – Virtual Topology Controller (VTC) VM
Cisco ACI HTML5 vCenter Plug-in
Cisco ASR 5000 Series Routers
Cisco Enterprise NFV Infrastructure Software (NFVIS)
Cisco GGSN Gateway GPRS Support Node
Cisco IOx Fog Director
Cisco IP Services Gateway (IPSG)
Cisco MME Mobility Management Entity
Cisco Mobility Unified Reporting and Analytics System
Cisco PDSN/HA Packet Data Serving Node and Home Agent
Cisco PGW Packet Data Network Gateway
Cisco SD-WAN Cloud OnRamp for Co-Location
Cisco System Architecture Evolution Gateway (SAEGW)
Cisco Ultra Packet Core
Cisco Ultra Services Platform
Ultra Cloud Core – Redundancy Configuration Manager
Cisco Business Dashboard
Cisco HyperFlex
Cisco BroadWorks
Cisco Cloud Connect
Cisco Emergency Responder
Cisco Unified Attendant Console Advanced
Cisco Unified Attendant Console Business Edition
Cisco Unified Attendant Console Department Edition
Cisco Unified Attendant Console Enterprise Edition
Cisco Unified Attendant Console Premium Edition
Cisco Unified Communications Manager IM & Presence Service
Cisco Unified Communications Manager Session Management Edition
Cisco Unified Communications Manager
Cisco Unified Contact Center Express
Cisco Unified Customer Voice Portal
Cisco Unified Intelligence Center
Cisco Unity Connection
Cisco Virtualized Voice Browser
Cisco Expressway Series
Cisco TelePresence Integrator C Series
Cisco TelePresence MX Series
Cisco TelePresence Management Suite
Cisco TelePresence Precision Cameras
Cisco TelePresence Profile Series
Cisco TelePresence SX Series
Cisco TelePresence System EX Series
Cisco TelePresence Video Communication Server (VCS)
Cisco Touch
Cisco Video Surveillance Operations Manager
Cisco Vision Dynamic Signage Director
Cisco Webex Board Series
Cisco Webex Desk Series
Cisco Webex Room Navigator
Cisco Webex Room Series
Cisco Ultra Cloud Core – Access and Mobility Management Function
Cisco Ultra Cloud Core – Network Repository Function
Cisco Ultra Cloud Core – Policy Control Function
Cisco Ultra Cloud Core – Redundancy Configuration Manager
Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure
Cisco BroadCloud
Cisco Industrial Asset Vision
Cisco IoT Operations Dashboard (IOTOC)
Cisco Kinetic for Cities
Cisco Registered Envelope Service
Cisco Smart Collector – Lifecycle Management
Cisco Unified Communications Manager Cloud
Cisco Webex Cloud-Connected UC (CCUC)
We hope this post helps you identify the Cisco products affected by the Spring4Shell vulnerability.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.