Kashif Ali

Original release date: July 30, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

• Cisco SD-WAN vManage Software Authorization Bypass Vulnerability cisco-sa-uabvman-SYGzt8Bv
• Cisco Data Center Network Manager Authentication Bypass Vulnerability cisco-sa-dcnm-bypass-dyEejUMs
• Cisco Data Center Network Manager Command Injection Vulnerability cisco-sa-devmgr-cmd-inj-Umc8RHNh
• Cisco Data Center Network Manager Command Injection Vulnerability cisco-sa-dcnm-rest-inj-BCt8pwAJ
• Cisco Data Center Network Manager Path Traversal Vulnerability cisco-sa-dcnm-path-trav-2xZOnJdR
• Cisco Data Center Network Manager Improper Authorization Vulnerability cisco-sa-dcnm-improper-auth-7Krd9TDT
• Cisco Data Center Network Manager Authentication Bypass Vulnerability cisco-sa-dcnm-auth-bypass-JkubGpu3 

Original release date: July 30, 2020

Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability—CVE-2020-10713—that a local attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT Coordination Center’s Vulnerability Note VU#174059 for mitigations and to refer to operating system vendors for appropriate patches, when available.

Original release date: July 29, 2020

Adobe has released security updates to address vulnerabilities in Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition). An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-47 and apply the necessary updates.

Original release date: July 29, 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:

• Firefox 79
• Firefox ESR 68.11
• Firefox ESR 78.1
• Thunderbird 78.1