Security News > 2020 > February > Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
A critical flaw in the High Availability service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn't directly connected to the internet.
Cisco Smart Software Manager On-Prem Base is used to manage a customer or partner's product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organization purchases and consumes.
Essentially, anyone who discovered the password, could log onto this account and then, from there, connect to the Cisco Smart Software Manager On-Prem Base.
Cisco has released patches for a number of flaws already in 2020, including fixes for five critical vulnerabilities that were discovered in Cisco Discovery Protocol, the info-sharing layer that maps all Cisco equipment on a network.
A critical Cisco vulnerability emerged in its administrative management tool for Cisco network security solutions.
News URL
https://threatpost.com/critical-cisco-bug-software-licencing-remote-attack/153086/
Related news
- Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Critical Flaws in Traccar GPS System Expose Users to Remote Attacks (source)
- Ransomware attacks escalate as critical sectors struggle to keep up (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- Cisco merch shoppers stung in Magecart attack (source)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Ivanti warns of another critical CSA flaw exploited in attacks (source)