Cisco Patches Critical Vulnerability in Network Security Tool (January 2020)
A critical vulnerability in the Cisco Firepower Management Center could allow a remote attacker to bypass authentication and execute arbitrary actions on affected devices as administrator.
The issue, Cisco explains, emerges from the improper handling of Lightweight Directory Access Protocol authentication responses from an external server.
Cisco FMC is affected only if it was configured to authenticate users of the web-based management interface through an external LDAP server, Cisco explains.
Fixes were included in Cisco FMC Software versions 6.4.0.7 and 6.5.0.2.
Cisco has released software updates to address all of these flaws and affected customers are advised to apply them as soon as possible, to ensure they are protected.