Cisco Patches Critical Flaws in IP Phones, UCS Director (April 2020)

Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director.
The critical vulnerability patched in IP Phones impacts the web server and could allow a remote, unauthenticated attacker to execute code with root privileges.
A total of three critical vulnerabilities were addressed in Cisco UCS Director and UCS Director Express for Big Data, all three discovered in the REST API. The bugs may allow a remote, unauthenticated attacker to bypass authentication or conduct directory traversal attacks.
All three issues were addressed in UCS Director 6.7.4.0 and UCS Director Express for Big Data 3.7.4.0.
Six of the bugs could be exploited by unauthenticated, remote attackers to cause denial of service, conduct a cross-site request forgery attack, or conduct directory traversal attacks.