Cisco Patches Publicly Disclosed Vulnerabilities in Security Manager
Cisco this week released advisories for three serious vulnerabilities in Security Manager that already have proof-of-concept exploit code available online.
Cisco says that there are no workarounds available for this vulnerability but that Cisco Security Manager 4.22 addresses it.
Last week, Hauser revealed on Twitter that he reported the vulnerabilities to Cisco in July, along with 9 other issues in Security Manager.
"Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITY\SYSTEM," the researcher notes on GitHub.
Last week, Cisco released patches for a high-severity vulnerability in IOS XR software for ASR 9000 series routers.