Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager. The vulnerabilities were found by Code White security researcher Florian Hauser in August. They could allow unauthenticated attackers to execute arbitrary commands remotely on vulnerable devices. At the moment, Cisco says they are not aware of any ongoing attacks exploiting the vulnerabilities patched today. In November, Cisco also disclosed an AnyConnect VPN zero-day bug that could allow for remote code execution after successful exploitation.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-security-manager-vulnerabilities-with-public-exploits/