Multiple vulnerabilities exist in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). These vulnerabilities could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.

Full description of the vulnerability is available on the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV

1. Confirm whether you are using Cisco Expressway Series and Cisco TelePresence VCS Release. If you aren’t using this product, no action is required.

2. If you’re using Cisco Expressway Series and Cisco TelePresence VCS, upgrade the firmware version of this product to 14.0.7 or higher.

3. To get relevant software, go to Cisco’s Software Download page. Log in will be required to your Cisco’s CCO download repository for this page.