Security News > 2020 > February > Cisco Patches Critical Flaw in Smart Licensing Solution
Cisco has released patches for sixteen vulnerabilities across its products, including one rated critical, six high severity, and nine medium risk.
The critical vulnerability impacts Cisco's Smart Software Manager On-Prem licensing solution and could allow a remote, unauthenticated attacker to access system data with high privileges.
Tracked as CVE-2020-3158 and featuring a CVSS score of 9.8, the flaw impacts Cisco Smart Software Manager On-Prem releases earlier than 7-202001, but only if the High Availability feature is enabled.
The medium risk flaws Cisco patched this week include a DoS bug in Unified Contact Center Enterprise, remote code execution in Enterprise NFV Infrastructure Software, Cross-Site Scripting in Identity Services Engine, XSS in Finesse, DoS in AsyncOS Software for ESA, SQL injection in Cloud Web Security, DoS in Meeting Server, incorrect handling of directory paths in AnyConnect Secure Mobility Client for Windows, and XSS in Data Center Network Manager.
Specific information on each of these vulnerabilities can be found in the advisories Cisco published on its support website.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-19 | CVE-2020-3158 | Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem 7201910 A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. | 8.8 |