Security News > 2020 > February > Critical Cisco Bug Opens Software Licencing Manager to Remote Attack

A critical flaw in the High Availability service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn't directly connected to the internet.
Cisco Smart Software Manager On-Prem Base is used to manage a customer or partner's product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organization purchases and consumes.
Essentially, anyone who discovered the password could log onto this account and, from there, connect to the Cisco Smart Software Manager On-Prem Base.
Cisco has released patches for a number of flaws already in 2020, including fixes for five critical vulnerabilities that were discovered in Cisco Discovery Protocol, the info-sharing layer that maps all Cisco equipment on a network.
A critical vulnerability emerged in Cisco's administrative management tool for Cisco network security solutions.
News URL
https://threatpost.com/critical-cisco-bug-software-licencing-remote-attack/153086/