Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. The following table lists Cisco products that are affected by one or both of the vulnerabilities that are described in this advisory. This section will be updated as information is available.
SMALL CISCO SWITCH SOFTWARE
The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.Ĭisco is investigating its product line to determine which products may be affected by these vulnerabilities. The Vulnerable Products section includes Cisco bug IDs for each affected product. Because this is an ongoing investigation, be aware that products that are currently considered not vulnerable may subsequently be considered vulnerable as additional information becomes available. Any Cisco product or service that is not explicitly listed in the Affected Products section of this advisory is not affected by the vulnerability or vulnerabilities described. Products and services that do not contain the impacted software component are not vulnerable and therefore are not listed in this advisory. This advisory only lists Cisco products and services that are known to include the impacted software component and thus may be vulnerable.
SMALL CISCO SWITCH UPDATE
As the investigation progresses, Cisco will update this advisory with information about affected products. This advisory is available at the following link:Ĭisco is investigating its product line to determine which products may be affected by these vulnerabilities. Product fixes that are listed in this advisory will address both CVE-2021-44228 and CVE-2021-45046 unless otherwise noted.Ĭisco has reviewed CVE-2021-45105 and CVE-2021-44832 and has determined that no Cisco products or cloud offerings are impacted by these vulnerabilities.Ĭisco's standard practice is to update integrated third-party software components to later versions as they become available. To help detect exploitation of these vulnerabilities, Cisco has released Snort rules at the following location: Talos Rules