Cisco Patches Critical Vulnerability in Network Security Tool
January 2020
A critical vulnerability in the Cisco Firepower Management Center could allow a remote attacker to bypass authentication and execute arbitrary actions on affected devices as administrator.
The issue, Cisco explains, stems from the improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external server.
Cisco FMC is affected only if it was configured to authenticate users of the web-based management interface through an external LDAP server, Cisco explains.
Fixes were included in Cisco FMC Software versions 6.4.0.7 and 6.5.0.2.
Cisco has released software updates to address all of these flaws and affected customers are advised to apply them as soon as possible, to ensure they are protected.