Security News > 2020 > January > Cisco Patches Critical Vulnerability in Network Security Tool

A critical vulnerability in the Cisco Firepower Management Center could allow a remote attacker to bypass authentication and execute arbitrary actions on affected devices as administrator.
The issue, Cisco explains, stems from the improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external server.
Cisco FMC is affected only if it is configured to authenticate users of the web-based management interface through an external LDAP server.
Fixes were included in Cisco FMC Software versions 6.4.0.7 and 6.5.0.2.
Cisco has released software updates to address all of these flaws and affected customers are advised to apply them as soon as possible, to ensure they are protected.