Security News > 2020 > January > Cisco Patches Critical Vulnerability in Network Security Tool

A critical vulnerability in the Cisco Firepower Management Center could allow a remote attacker to bypass authentication and execute arbitrary actions on affected devices as administrator.
The issue, Cisco explains, stems from improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external server.
Cisco FMC is affected only if it was configured to authenticate users of the web-based management interface through an external LDAP server.
Fixes were included in Cisco FMC Software versions 6.4.0.7 and 6.5.0.2.
Cisco has released software updates to address all of these flaws and affected customers are advised to apply them as soon as possible, to ensure they are protected.