Multiple Cisco product vulnerabilities addressed

Share This Post



Patches have been issued by Cisco for several security flaws impacting its products, the most severe of which are a pair of critical vulnerabilities in the Smart Licensing Utility, tracked as CVE-2024-20439 and CVE-2024-20440, reports SecurityWeek.

Threat actors could leverage CVE-2024-20439 via static credentials to facilitate the compromise of targeted systems with administrative privileges while intrusions involving CVE-2024-20440 could enable the acquisition of log files with credentials and other sensitive details, according to an advisory from Cisco. Also addressed by Cisco were a high-severity code execution vulnerability in the Meraki Systems Manager agent for Windows, as well as medium-severity bugs in Duo Epic for Hyperdrive, Expressway Edge, and the Identity Services Engine. Abuse of the ISE flaw, tracked as CVE-2024-20469, could permit operating system command injections and privilege escalation. “This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command,” said Cisco.



Source link

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Blogs

Mickey Mouse operation hacked by former employee

A disgruntled former Disney worker stands accused of illegally hacking the company’s systems and harassing its workers. Michael Scheuer, a former system administrator with the

Do You Want To Boost Your Business?

drop us a line and keep in touch