Cisco Patches Critical Flaw in Smart Licensing Solution
2020-02-20 19:40

Cisco has released patches for sixteen vulnerabilities across its products, including one rated critical, six high severity, and nine medium risk.

The critical vulnerability impacts Cisco's Smart Software Manager On-Prem licensing solution and could allow a remote, unauthenticated attacker to access system data with high privileges.

Tracked as CVE-2020-3158 and featuring a CVSS score of 9.8, the flaw impacts Cisco Smart Software Manager On-Prem releases earlier than 7-202001, but only if the High Availability feature is enabled.

The medium risk flaws Cisco patched this week include a DoS bug in Unified Contact Center Enterprise, remote code execution in Enterprise NFV Infrastructure Software, Cross-Site Scripting in Identity Services Engine, XSS in Finesse, DoS in AsyncOS Software for ESA, SQL injection in Cloud Web Security, DoS in Meeting Server, incorrect handling of directory paths in AnyConnect Secure Mobility Client for Windows, and XSS in Data Center Network Manager.

Specific information on each of these vulnerabilities can be found in the advisories Cisco published on its support website.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/VsvWzH5JiDg/cisco-patches-critical-flaw-smart-licensing-solution

Related Vulnerability

DATE: 2020-02-19
CVE: CVE-2020-3158
VULNERABILITY TITLE: Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account.
RISK: network, low complexity, cisco, CWE-798, critical, 9.1

Related vendor

VENDOR: Cisco
#/PRODUCTS: 2046
LOW: 21
MEDIUM: 1773
HIGH: 1669
CRITICAL: 288
TOTAL VULNS: 3751