Cisco Patches Publicly Disclosed Vulnerabilities in Security Manager

Cisco this week released advisories for three serious vulnerabilities in Security Manager that already have proof-of-concept exploit code available online.
Cisco says that there are no workarounds available for this vulnerability but that Cisco Security Manager 4.22 addresses it.
Last week, Hauser revealed on Twitter that he reported the vulnerabilities to Cisco in July, along with 9 other issues in Security Manager.
"Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payloads are processed in the context of NT AUTHORITY\SYSTEM," the researcher notes on GitHub.
Last week, Cisco released patches for a high-severity vulnerability in IOS XR software for ASR 9000 series routers.