Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
A critical flaw has been uncovered in the High Availability service of Cisco Smart Software Manager On-Prem Base. Because the service uses a static, default password, the flaw would open the door to remote attackers, even if the platform isn't directly connected to the internet.
Cisco Smart Software Manager On-Prem Base is used to manage a customer or partner's product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organization purchases and consumes.
Essentially, anyone who discovered the password could log on to the account that uses it and, from there, connect to the Cisco Smart Software Manager On-Prem Base.
Cisco has released patches for a number of flaws already in 2020, including fixes for five critical vulnerabilities that were discovered in Cisco Discovery Protocol, the info-sharing layer that maps all Cisco equipment on a network.
A critical Cisco vulnerability emerged in its administrative management tool for Cisco network security solutions.
News URL
https://threatpost.com/critical-cisco-bug-software-licencing-remote-attack/153086/