Security News > 2020 > November > Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs
Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system.
Those are part of a batch of twelve vulnerabilities flagged in July 2020 by Florian Hauser, a security researcher and red teamer at Code White.
Cisco Security Manager is a security management application that provides insight into and control of Cisco security and network devices deployed by enterprises - security appliances, intrusion prevention systems, firewalls, routers, switches, etc.
Cisco has also simultaneously announced that it will fix multiple Java deserialization vulnerabilities in the upcoming v4.23 of the Cisco Security Manager solution.
The company's Product Security Incident Response Team has noted that public announcements about all these vulnerabilities are available, but that they are "Not aware" of instances of actual malicious use in the wild.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/oXirgwENL4M/
Related news
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (source)
- WeChat devs introduced security flaws when they modded TLS, say researchers (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Exploited: Cisco, SharePoint, Chrome vulnerabilities (source)