Cisco Releases Multiple Security Advisories

Cisco has released six security advisories to address vulnerabilities affecting the following products:

• Cius Wifi devices running Cius Software Version 9.2(1) SR1 and prior
• Cisco Unified Communications Manager Software versions 6.x, 7.x, and 8.x
• Cisco Business Edition 3000, 5000, and 6000
• Cisco Unity Connection 7.1 and prior
• Cisco 2000, 2100, 2500, 4100, 4400, and 5500 Series Wireless LAN Controllers (WLCs)
• Cisco 500 Series Wireless Express Mobility Controllers
• Cisco Wireless Services Modules (WiSM) and (WiSM version 2)
• Cisco NME-AIR-WLC and NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
• Cisco Catalyst 3750G Integrated WLC
• Cisco Flex 7500 Series Cloud Controllers
• Control, Expressway, and Starter Pack Express variants of Cisco TelePresence Video Communication Server
• Cisco SRP 521W, 526W, and 527W
• Cisco SRP 521W-U, 526W-U, and 527W-U
• Cisco SRP 541W, 546W, and 547W

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with escalated privileges and bypass security restrictions.

US-CERT encourages users and administrators to review Cisco security advisories cisco-sa-20120229-cius, cisco-sa-201202290-cucm, cisco-sa-201202290-cuc, cisco-sa-201202290-wlc, cisco-sa-201202290-vcs, and cisco-sa-201202290-srp500 and apply any necessary updates to help mitigate the risk.