View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Cisco patches up Apache Struts 2 exploit

However, there is no update for Cisco Business Edition 3000.

By Amy-Jo Crowley

Cisco has urged developers to add software updates to multiple unified contact centre business products that include Apache Struts 2 software.

The networking firm issued a patch for the four-year-old vulnerability, which would have allowed a malicious hacker to bypass the ‘#’-usage protection built into the ParametersInterceptor.

"An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system," Cisco said in a statement.

"This vulnerability has been confirmed to allow remote code execution with the privileges of the Administrator user for the Cisco Unified CCE. Exploitation on Cisco ISE, Cisco MXE 3500, and Cisco Business Edition 3000 Series is theoretically possible but could not be reproduced," it added.

Cisco has released free software updates that address this vulnerability for all affected products except Cisco Business Edition 3000 Series.

Users using Cisco Business Edition 3000 Series should contact their Cisco representative for available options, Cisco said

Content from our partners
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system
How tech leaders can keep energy costs down and meet efficiency goals

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.