National Cyber Awareness System Current Activity

Original release date: June 17, 2021Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates: Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability cisco-sa-esa-wsa-cert-vali-n8L97RW Cisco DNA Center Certificate Validation Vulnerability cisco-sa-dnac-certvalid-USEj2CZk Cisco Small Business 220 Series Smart Switches Vulnerabilities cisco-sa-ciscosb-multivulns-Wwyb7s5E Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability cisco-sa-anyconnect-pos-dll-ff8j6dFv Cisco Meeting Server API Denial of Service Vulnerability cisco-sa-meetingserver-dos-NzVWMMQT Cisco Jabber Desktop and Mobile Client Software Vulnerabilities cisco-sa-jabber-GuC5mLwG Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability cisco-sa-cuic-xss-csHUdtrL Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability cisco-sa-anyconnect-dos-hMhyDfb8 Cisco Jabber and Webex Client Software Shared File Manipulation Vulnerability cisco-sa-webex-teams-7ZMcXG99 This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 15, 2021Apple has released security updates to address vulnerabilities in iOS 12.5.4. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 14, 2021CISA has released an Industrial Controls Systems (ICS) Medical Advisory on multiple vulnerabilities in the ZOLL Defibrillator Dashboard. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS Medical Advisory ICSMA-21-161-01 and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 10, 2021Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30551—has been detected in exploits in the wild. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 9, 2021CISA has published the Rising Ransomware Threat to OT Assets fact sheet in response to the recent increase in ransomware attacks targeting operational technology (OT) assets and control systems. The guidance: provides steps to prepare for, mitigate against, and respond to attacks; details how the dependencies between an entity’s IT and OT systems can provide a path for attackers; and explains how to reduce the risk of severe business degradation if affected by ransomware. CISA encourages critical infrastructure (CI) owners and operators to review the Rising Ransomware Threat to OT Assets fact sheet as well as CISA’s Ransomware webpage to help them in reducing their CI entity’s vulnerability to ransomware. This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 8, 2021SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for June 2021 and apply the necessary updates.  This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 8, 2021Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.  This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 8, 2021Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review Microsoft’s June 2021 Security Update Summary and Deployment Information and apply the necessary updates.  This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 4, 2021CISA is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and attackers can exploit this vulnerability to take control of an unpatched system. CISA encourages users and administrators to review VMware’s VMSA-2021-010, blogpost, and FAQ for more information about the vulnerability and apply the necessary updates as soon as possible, even if out-of-cycle work is required. If an organization cannot immediately apply the updates, then apply the workarounds in the interim.    This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 3, 2021Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates: Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability cisco-sa-webex-player-rCFDeVj2 Cisco Webex Player Memory Corruption Vulnerability cisco-sa-webex-player-kOf8zVT Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability cisco-sa-webex-player-dOJ2jOJ Cisco SD-WAN Software Privilege Escalation Vulnerability cisco-sa-sd-wan-fuErCWwF Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities cisco-sa-asr5k-autho-bypass-mJDF5S7n This product is provided subject to this Notification and this Privacy & Use policy.