Cisco cleared three critical vulnerabilities, along with a bunch of other holes in an assortment of its products.
One of the three critical flaws is a DoS and RCE vulnerability (CVE-2018-0423) in the web-based management interface of three series of Cisco wireless VPN routers: RV110W, RV130W, and RV215W. It has only been fixed in the RV130W series.
One of the other vulnerabilities is an Apache Struts RCE vulnerability (CVE-2018-11776) that affects 20 different Cisco products. This is the vulnerability for which a PoC was found online and is undergoing active exploitation.
Only one patch for one product (Cisco Identity Services Engine) has been released, and the company has published a schedule for some of the other releases.
The third critical vulnerability is the Cisco Umbrella API (CVE-2018-0435) which could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. Cisco has addressed the issue and no user action is required.
Cisco also fixed vulnerabilities affecting the Webex Meetings Client, the Cisco Webex Teams, two high-impact flaws in the Cisco Umbrella Enterprise Roaming Client.