Original release date: August 5, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit  these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy
• Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability cisco-sa-rv-code-execution-9UVJr7k4
• Cisco Packet Tracer for Windows DLL Injection Vulnerability cisco-sa-packettracer-dll-inj-Qv8Mk5Jx
• Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability cisco-sa-nso-priv-esc-XXqRtTfT
• ConfD CLI Secure Shell Server Privilege Escalation Vulnerability cisco-sa-confd-priv-esc-LsGtCRx4

Original release date: August 3, 2021

CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities in Swisslog Healthcare Translogic Pneumatic Tube Systems (PTS). An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the ICS Medical Advisory ICSMA-21-215-01 Swisslog Translogic PTS and apply the necessary updates and mitigations.

Original release date: July 30, 2021

The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the general public. This information sheet provides information on malicious techniques used by cyber actors to target wireless devices and ways to protect against it.

CISA encourages organization leaders, administrators, and users to review NSA’s guidance on Securing Wireless Devices in Public Settings and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting devices and data.

Original release date: July 28, 2021

CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have released the Joint Cybersecurity Advisory Top Routinely Exploited Vulnerabilities, which details the top vulnerabilities routinely exploited by malicious actors in 2020 and those being widely exploited thus far in 2021.   

CISA encourages users and administrators to review the Joint Cybersecurity Advisory for information on assessing and remediating vulnerabilities as quickly as possible to reduce the risk of exploitation.  

Original release date: July 27, 2021

Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected device.

CISA encourages users and administrators to review the security update page for the following products and apply the necessary updates:

• MacOS Big Sur 11.5.1
• iOS 14.7.1 and iPadOS 14.7.1