Corporate network administrators should carefully patch all applicable products as documented in the April 2017 advisory

Cisco had a pretty large dump of security advisories today, seven “high priority” and one “critical”, impacting a variety of products, many of them carrying a threat that allows a remote attacker to cause a denial of service. First up this week, Cisco said a vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) software could let an unauthenticated, remote attacker cause a denial of service (DoS) condition.

Cisco said it has released software to tackle all seven of these vulnerabilities. Cisco continues to list the Apache Struts2 Jakarta vulnerability as “critical.” Apache in March disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Disposition, or Content-Length value. Cisco said it continues to investigate its product line to determine which products may be affected by this vulnerability and the impact on each affected product.