Some of Cisco’s products suffer from the Apache Struts2 command execution vulnerability exploited over the past week.
The flaw has been confirmed to affect the Cisco Identity Services Engine (ISE), the Prime Service Catalog Virtual Appliance, and the Unified SIP Proxy Software, Cisco officials said.
Cisco said its investigation into which products are affected is ongoing: dozens of products are known not to have the problem, but others are still suspect.
While attackers are leveraging the vulnerability in various industry products, Cisco has not found any evidence of attacks targeting any of its lines.
Having said that, the company has warned users that exploits for this flaw are publicly available.
In a bit of irony, Cisco’s Talos group was the first to warn of active attacks.
The security hole, identified as CVE-2017-5638, affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10, and it was addressed last Monday with the release of versions 2.3.32 and 2.5.10.1.
The vulnerability exists in the Jakarta Multipart parser and is caused by the improper handling of Content-Type header values. A remote, unauthenticated attacker can exploit the weakness to execute arbitrary commands by sending a specially crafted HTTP request.
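For anyone triaging their own deployments against the affected ranges listed above, the following added example (not from Cisco or the Struts project) checks an inventory of jar paths for Struts versions in those ranges. It assumes the core library is packaged as `struts2-core-<version>.jar`; the sample paths are constructed.

```python
import re
from pathlib import PurePosixPath

# Affected ranges as stated in the article (inclusive bounds).
AFFECTED_RANGES = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]

# Assumption: the core library ships as struts2-core-<version>.jar.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '2.5.10.1' into (2, 5, 10, 1); trailing zero components are dropped
    so that '2.5.0' and '2.5' compare as the same release."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version):
    """True if the version falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def scan(paths):
    """Return (path, version) for every struts2-core jar in an affected range."""
    hits = []
    for path in paths:
        match = JAR_RE.match(PurePosixPath(path).name)
        if match and is_affected(match.group(1)):
            hits.append((path, match.group(1)))
    return hits


# Constructed sample inventory, e.g. the output of a file search on a server.
SAMPLE_PATHS = [
    "/opt/app/WEB-INF/lib/struts2-core-2.3.31.jar",
    "/opt/portal/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/srv/legacy/lib/struts2-core-2.3.4.jar",
    "/srv/api/lib/struts2-core-2.5.jar",
    "/srv/api/lib/commons-fileupload-1.3.2.jar",
]

if __name__ == "__main__":
    for path, version in scan(SAMPLE_PATHS):
        print(f"AFFECTED  Struts {version}  {path}")
```

Jars bundled inside WAR or EAR archives, or renamed by a vendor, will not be matched by file name and need to be unpacked or checked through the vendor's advisory.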