Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
A critical flaw has been uncovered in the High Availability service of Cisco Smart Software Manager On-Prem Base. Because the service uses a static, default password, the flaw would open the door to remote attackers, even if the platform isn't directly connected to the internet.
Cisco Smart Software Manager On-Prem Base is used to manage a customer or partner's product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organization purchases and consumes.
Essentially, anyone who discovered the password could log onto this account and, from there, connect to the Cisco Smart Software Manager On-Prem Base.
Cisco has released patches for a number of flaws already in 2020, including fixes for five critical vulnerabilities that were discovered in Cisco Discovery Protocol, the info-sharing layer that maps all Cisco equipment on a network.
A critical Cisco vulnerability emerged in its administrative management tool for Cisco network security solutions.
News URL
https://threatpost.com/critical-cisco-bug-software-licencing-remote-attack/153086/