Security News > 2020 > January > Cisco Patches Critical Vulnerability in Network Security Tool
A critical vulnerability in the Cisco Firepower Management Center could allow a remote attacker to bypass authentication and execute arbitrary actions on affected devices as administrator.
The issue, Cisco explains, emerges from the improper handling of Lightweight Directory Access Protocol authentication responses from an external server.
Cisco FMC is affected only if it was configured to authenticate users of the web-based management interface through an external LDAP server, Cisco explains.
Fixes were included in Cisco FMC Software versions 6.4.0.7 and 6.5.0.2.
Cisco has released software updates to address all of these flaws and affected customers are advised to apply them as soon as possible, to ensure they are protected.
News URL
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Setting a security standard: From vulnerability to exposure management (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
- Major security audit of critical FreeBSD components now available (source)
- Here's what happens if you don't layer network security – or remove unused web shells (source)