Security News > 2020 > November > Researcher Discloses Critical RCE Flaws In Cisco Security Manager
Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager a week after the networking equipment maker quietly released patches with version 4.22 of the platform.
The flaws were responsibly reported to Cisco's Product Security Incident Response Team three months ago, on July 13.
Cisco Security Manager is an end-to-end enterprise solution that allows organizations to enforce access policies and manage and configure firewalls and intrusion prevention systems in a network.
Cisco is yet to address the flaw, with a planned fix set to be included in Cisco Security Manager Release 4.23.
"On November 16, Cisco published three security advisories for the reported vulnerabilities in Cisco Security Manager. The twelve issues reported are tracked and addressed through four Cisco bug IDs. Cisco has released free software updates that address the vulnerabilities described in the CSM path traversal vulnerability advisory and the CSM static credential vulnerability advisory," a spokesperson for the company told The Hacker News.
News URL
Related news
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- Critical Exim bug bypasses security filters on 1.5 million mail servers (source)
- CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (source)
- Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager (source)
- Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) (source)
- Critical Cisco bug lets hackers add root users on SEG devices (source)
- Progress warns of critical RCE bug in Telerik Report Server (source)
- Critical ServiceNow RCE flaws actively exploited to steal credentials (source)
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)