• Home
  • |
  • Blog
  • |
  • List Of Cisco Products Affected By Spring4Shell Vulnerability
List of Cisco Products Affected by Spring4Shell Vulnerability

It’s been two weeks since the discloser of a critical vulnerability doubted Spring4Shell, which could cause severe damage to tons of applications. We are talking about a vulnerability that has a CVE ID CVE-2022-22965 assigned with a CVSS score of 9.8 and a Critical severity badge. Considering its severity and impact, it is important to fix the flaw as soon as you can. Network appliances giant Cisco has been in the process of validating its products since it was disclosed. Now they have come up with a list of products that tells which ones are vulnerable and which are not. In this post, let’s see the list of Cisco products affected by the Spring4Shell vulnerability.

To your note, please don’t consider this as a final list. There are a few products still in review. This list will continue to be updated as new information becomes available. Cisco strongly advises customers to update their devices to a fixed release of software as soon as possible in order to protect against this and other threats. Please see the Cisco Security Advisories and Notices page for more information on fixing this issue.

List Of Cisco Products Affected By Spring4Shell Vulnerability:

Cisco has released a list of products that are affected by the Spring4Shell vulnerability. The complete list is available here:

Note: This list could be updated as the investigation progresses.

ProductCisco Bug IDFixed Release Availability
Endpoint Clients and Client Software
Cisco CX Cloud Agent SoftwareCSCwb417352.1.0 (20 Apr 2022)
Network Management and Provisioning
Cisco Automated Subsea TuningCSCwb43658
Cisco Crosswork Data GatewayCSCwb43707
Cisco Crosswork Network ControllerCSCwb437033.0.2 (29 Apr 2022)
2.0.2 (29 Apr 2022)
Cisco Crosswork Optimization EngineCSCwb437093.1.1 (1 May 2022)
2.1.1 (1 May 2022)
Cisco Crosswork Zero Touch Provisioning (ZTP)CSCwb437063.0.2 (29 Apr 2022)
2.0.2 (20 Apr 2022)
Cisco Evolved Programmable Network ManagerCSCwb436436.0.1.1 (29 Apr 2022)
5.1.4.1 (29 Apr 2022)
5.0.2.3 (29 Apr 2022)
Cisco Managed Services Accelerator (MSX)CSCwb43667
Cisco Optical Network PlannerCSCwb43691
Cisco WAN Automation Engine (WAE) LiveCSCwb437087.5.2.1 (19 Apr 2022)
7.4.0.2 (25 Apr 2022)
7.3.0.3 (29 Apr 2022)
Cisco WAN Automation Engine (WAE)CSCwb437087.5.2.1 (19 Apr 2022)
7.4.0.2 (25 Apr 2022)
7.3.0.3 (29 Apr 2022)
Data Center Network Manager (DCNM)CSCwb4363712.1.1 (30 Jun 2022)
Nexus Dashboard Fabric Controller (NDFC)CSCwb4363712.1.1 (30 Jun 2022)
Routing and Switching – Enterprise and Service Provider
Cisco DNA CenterCSCwb43648
Cisco Optical Network ControllerCSCwb436922.0 (31 May 2022)
Cisco Software-Defined AVC (SD-AVC)CSCwb43727
Voice and Unified Communications Devices
Cisco Enterprise Chat and EmailCSCwb4520212.0 (30 May 2022)
12.5 (30 May 2022)
12.6 ES2 (15 May 2022)
Video, Streaming, TelePresence, and Transcoding Devices
Cisco Meeting ServerCSCwb43662

List Of Cisco Products Under Review:

Please have the list of products which are still under investigation at the time of publishing this post.

Network Management And Provisioning

  • Cisco Connected Pharma
  • Cisco Extensible Network Controller (XNC)
  • Cisco Network Change and Configuration Management
  • Cisco Nexus Dashboard Data Broker, formerly Cisco Nexus Data Broker
  • Cisco Nexus Dashboard, formerly Cisco Application Services Engine

Routing And Switching – Enterprise And Service Provider

  • Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)
  • Cisco Network Convergence System 2000 Series
  • Cisco ONS 15454 Series Multiservice Provisioning Platforms

Wireless

  • Cisco Ultra Cloud Core – Session Management Function

Cisco Cloud Hosted Services

  • Cisco IoT Control Center
  • Cisco Umbrella

List Of Cisco Products Not Vulnerable To Spring4 Shell:

Please have the list of products which are considered not vulnerable to Spring4Shell vulnerability at the time of publishing this post.  Cisco says, “Any product not listed in the Products Under Investigation or Vulnerable Products section of this advisory is to be considered not vulnerable.”  The vendor also stats that, Since the review process is not concluded at this point in time, products that are currently considered not vulnerable may subsequently be considered vulnerable in later stages. Please visit the advisory page to keep information up to date.

Cable Devices

  • Cisco Continuous Deployment and Automation Framework
  • Cisco Prime Cable Provisioning

Collaboration And Social Media

  • Cisco SocialMiner
  • Cisco Webex Meetings Server

Network Application, Service, And Acceleration

  • Cisco Wide Area Application Services (WAAS)

Network And Content Security Devices

  • Cisco Adaptive Security Appliance (ASA) Software
  • Cisco Firepower Device Manager (FDM)
  • Cisco Firepower Management Center (FMC)
  • Cisco Firepower System Software
  • Cisco Identity Services Engine (ISE)
  • Cisco Secure Email Gateway, formerly Email Security Appliance (ESA)
  • Cisco Secure Email and Web Manager, formerly Cisco Content Security Management Appliance (SMA)
  • Cisco Secure Network Analytics, formerly Cisco Stealthwatch
  • Cisco Security Manager

Network Management And Provisioning

  • Cisco Business Process Automation
  • Cisco CloudCenter Action Orchestrator
  • Cisco CloudCenter Cost Optimizer
  • Cisco CloudCenter Suite Admin
  • Cisco CloudCenter Workload Manager
  • Cisco CloudCenter
  • Cisco Collaboration Audit and Assessments
  • Cisco Common Services Platform Collector (CSPC)
  • Cisco Connected Mobile Experiences
  • Cisco Crosswork Change Automation
  • Cisco Crosswork Network Automation
  • Cisco Crosswork Situation Manager
  • Cisco DNA Assurance
  • Cisco Elastic Services Controller (ESC)
  • Cisco Intelligent Node (iNode) Manager
  • Cisco IoT Field Network Director, formerly Cisco Connected Grid Network Management System
  • Cisco NCS 2000 Shelf Virtualization Orchestrator (SVO)
  • Cisco Network Insights for Data Center
  • Cisco Nexus Dashboard
  • Cisco Nexus Insights
  • Cisco Policy Suite for Mobile
  • Cisco Policy Suite
  • Cisco Prime Performance Manager
  • Cisco Smart PHY
  • Cisco ThousandEyes Endpoint Agent
  • Cisco ThousandEyes Enterprise Agent
  • Cisco Virtual Topology System – Virtual Topology Controller (VTC) VM

Routing And Switching – Enterprise And Service Provider

  • Cisco ACI HTML5 vCenter Plug-in
  • Cisco ASR 5000 Series Routers
  • Cisco Enterprise NFV Infrastructure Software (NFVIS)
  • Cisco GGSN Gateway GPRS Support Node
  • Cisco IOx Fog Director
  • Cisco IP Services Gateway (IPSG)
  • Cisco MME Mobility Management Entity
  • Cisco Mobility Unified Reporting and Analytics System
  • Cisco PDSN/HA Packet Data Serving Node and Home Agent
  • Cisco PGW Packet Data Network Gateway
  • Cisco SD-WAN Cloud OnRamp for Co-Location
  • Cisco System Architecture Evolution Gateway (SAEGW)
  • Cisco Ultra Packet Core
  • Cisco Ultra Services Platform
  • Ultra Cloud Core – Redundancy Configuration Manager

Routing And Switching – Small Business

  • Cisco Business Dashboard

Unified Computing

  • Cisco HyperFlex

Voice And Unified Communications Devices

  • Cisco BroadWorks
  • Cisco Cloud Connect
  • Cisco Emergency Responder
  • Cisco Unified Attendant Console Advanced
  • Cisco Unified Attendant Console Business Edition
  • Cisco Unified Attendant Console Department Edition
  • Cisco Unified Attendant Console Enterprise Edition
  • Cisco Unified Attendant Console Premium Edition
  • Cisco Unified Communications Manager IM & Presence Service
  • Cisco Unified Communications Manager Session Management Edition
  • Cisco Unified Communications Manager
  • Cisco Unified Contact Center Express
  • Cisco Unified Customer Voice Portal
  • Cisco Unified Intelligence Center
  • Cisco Unity Connection
  • Cisco Virtualized Voice Browser

Video, Streaming, TelePresence, And Transcoding Devices

  • Cisco Expressway Series
  • Cisco TelePresence Integrator C Series
  • Cisco TelePresence MX Series
  • Cisco TelePresence Management Suite
  • Cisco TelePresence Precision Cameras
  • Cisco TelePresence Profile Series
  • Cisco TelePresence SX Series
  • Cisco TelePresence System EX Series
  • Cisco TelePresence Video Communication Server (VCS)
  • Cisco Touch
  • Cisco Video Surveillance Operations Manager
  • Cisco Vision Dynamic Signage Director
  • Cisco Webex Board Series
  • Cisco Webex Desk Series
  • Cisco Webex Room Navigator
  • Cisco Webex Room Series

Wireless

  • Cisco Ultra Cloud Core – Access and Mobility Management Function
  • Cisco Ultra Cloud Core – Network Repository Function
  • Cisco Ultra Cloud Core – Policy Control Function
  • Cisco Ultra Cloud Core – Redundancy Configuration Manager
  • Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure

Cisco Cloud Hosted Services

  • Cisco BroadCloud
  • Cisco Industrial Asset Vision
  • Cisco IoT Operations Dashboard (IOTOC)
  • Cisco Kinetic for Cities
  • Cisco Registered Envelope Service
  • Cisco Smart Collector – Lifecycle Management
  • Cisco Unified Communications Manager Cloud
  • Cisco Webex Cloud-Connected UC (CCUC)

We hope this post will help you know the list of Cisco Products Affected by Spring4Shell Vulnerability. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

To know more about me. Follow me on LinkedIn
Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.