Cisco Addresses Apache Struts 2 Vulnerability

Original release date: July 09, 2014

Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system.

Cisco products affected by this vulnerability include:

  • Cisco Business Edition 3000 Series
  • Cisco Identity Services Engine (ISE)
  • Cisco Media Experience Engine (MXE) 3500 Series
  • Cisco Unified Contact Center Enterprise (Cisco Unified CCE)

US-CERT encourages users and administrators to review the Cisco Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.