Cisco patches high and critical flaws across several products

Cisco has patched critical vulnerabilities in several of its products this week, including the Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation, and denial of service.

Cisco Industrial Network Director (IND), a network management and monitoring server for operational technology (OT) networks, received patches for two vulnerabilities rated critical and medium respectively. These were fixed in version 1.11.3 of the software.

The critical flaw, CVE-2023-20036, is in the Cisco IND web-based user interface and could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Windows operating system with administrative privileges (NT AUTHORITY\SYSTEM). The vulnerability is the result of insufficient input validation in the functionality that allows users to upload device packages. Exploitation requires valid credentials for the IND web interface, but a successful attacker gains full control of the Windows host, so any compromised or weak IND account is a path to the OT management server itself.
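The advisory only says that device-package uploads were insufficiently validated, not how. The following is an added illustration written for this page, not Cisco IND's code and not a reproduction of CVE-2023-20036: it shows the generic pattern in which an uploaded file name is spliced into a shell command, beside a hardened handler that validates the name against an allowlist and passes it to the tool as a single argument with no shell. `echo` stands in for whatever tool a real server would run on the package, the allowlist pattern and the hostile file name are assumptions made for the example, and the demo uses POSIX `sh` rather than the Windows shell IND actually runs on.

```python
"""Added example: command injection through an upload file name, and the fix.

This is illustrative code written for this page. It is not Cisco IND's code
and does not reproduce the actual CVE-2023-20036 defect, whose details the
advisory does not publish.
"""
import re
import subprocess
from pathlib import Path

# Assumed, hypothetical allowlist for uploaded package names: a short
# alphanumeric base name with a .zip extension and nothing else.
PACKAGE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.zip")


def process_package_vulnerable(filename: str) -> str:
    """Weak pattern: the user-supplied name is spliced into a shell string.

    'echo' stands in for whatever tool a real server would run on the
    package; with shell=True, metacharacters in the name are executed."""
    cmd = "echo processing " + filename
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def validate_package_name(filename: str) -> str:
    """Return the name unchanged if it passes the allowlist, else raise.

    Comparing against Path(...).name also rejects any directory component,
    so '../' and absolute paths never reach the command."""
    if Path(filename).name != filename or not PACKAGE_NAME_RE.fullmatch(filename):
        raise ValueError(f"rejected package name: {filename!r}")
    return filename


def is_accepted(filename: str) -> bool:
    """Convenience wrapper so callers can test a name without exceptions."""
    try:
        validate_package_name(filename)
    except ValueError:
        return False
    return True


def process_package_hardened(filename: str) -> str:
    """Validate first, then pass the name as one argv element with no shell."""
    name = validate_package_name(filename)
    result = subprocess.run(["echo", "processing", name],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    hostile = "pkg.zip; echo INJECTED"   # constructed hostile upload name
    print("vulnerable handler output:", repr(process_package_vulnerable(hostile)))
    print("hardened accepts 'pkg.zip':", is_accepted("pkg.zip"))
    print("hardened accepts hostile name:", is_accepted(hostile))
```

The two changes that matter are independent: the allowlist stops the hostile name at the boundary, and the argv-list form of `subprocess.run` means that even a name that slipped past validation would be handed to the tool as data rather than parsed by a shell. Apply both; a server that relies on only one of them is one regex mistake away from the same outcome.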

The medium-severity vulnerability fixed in Cisco IND, CVE-2023-20039, is the result of insufficient default file permissions in the application data directory. A successful exploit could allow an authenticated attacker to read sensitive information and files in this directory.

Cisco Modeling Labs flaw could allow unauthorized remote access

Cisco Modeling Labs, an on-premises network simulation platform, has a critical vulnerability (CVE-2023-20154) in its processing of certain messages from an external LDAP authentication server. It could allow an unauthenticated, remote attacker to access the tool's web interface with administrative privileges, which would let them view and modify all user-created simulations and data.

The flaw affects Modeling Labs for Education, Modeling Labs Enterprise, and Modeling Labs – Not for Resale, but not Modeling Labs Personal and Personal Plus. It is exploitable only if the external LDAP server is configured to respond to search queries with a non-empty array of matching entries. An administrator can change the LDAP server configuration as a workaround, but customers are encouraged to update Modeling Labs to version 2.5.1 to fix the vulnerability.
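The precondition in the advisory (an LDAP server that answers searches with a non-empty entry list) is characteristic of a well-known class of LDAP authentication mistakes, in which the application treats a successful user search as proof of identity instead of binding as the located user with the supplied password. The following is an added, generic illustration of that class, written for this page: it is not Cisco Modeling Labs' code, the advisory does not publish the product's actual logic, and the fake in-memory directory, the `FakeLdapServer` stand-in and its `match_any_search` switch are all assumptions constructed so the example runs offline.

```python
"""Added example: search-as-authentication versus search-then-bind.

Generic illustration written for this page; not Cisco Modeling Labs' code and
not a reconstruction of CVE-2023-20154's internals, which are not public.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample directory for the example: DN -> attributes.
SAMPLE_DIRECTORY = {
    "uid=admin,ou=people,dc=example,dc=com": {
        "uid": "admin", "password": "correct horse battery", "role": "admin"},
    "uid=student,ou=people,dc=example,dc=com": {
        "uid": "student", "password": "lab-only", "role": "user"},
}


@dataclass
class FakeLdapServer:
    """Offline stand-in (an assumption for this example) for an external LDAP server.

    match_any_search=True models the precondition named in the advisory: a
    server that answers a search for an unknown user with a non-empty entry list."""
    entries: dict
    match_any_search: bool = False

    def search(self, uid: str) -> list:
        dns = [dn for dn, e in self.entries.items() if e["uid"] == uid]
        if not dns and self.match_any_search:
            return list(self.entries)   # "matches" for a uid that does not exist
        return dns

    def bind(self, dn: str, password: str) -> bool:
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password


def login_vulnerable(server: FakeLdapServer, uid: str, password: str) -> Optional[str]:
    """Weak pattern: a non-empty search result is mistaken for authentication.

    The password is never sent to the server, so an unknown uid is logged in
    as whatever entry the server happened to return first."""
    matches = server.search(uid)
    if matches:
        return server.entries[matches[0]]["role"]
    return None


def login_hardened(server: FakeLdapServer, uid: str, password: str) -> Optional[str]:
    """Require exactly one match, then prove the password by binding as that DN."""
    matches = server.search(uid)
    if len(matches) != 1:
        return None   # no user, or an ambiguous/permissive server answer
    dn = matches[0]
    # An empty password must be refused before binding: LDAP servers treat a
    # simple bind with an empty password as an anonymous bind that "succeeds".
    if not password or not server.bind(dn, password):
        return None
    return server.entries[dn]["role"]


if __name__ == "__main__":
    lax = FakeLdapServer(SAMPLE_DIRECTORY, match_any_search=True)
    print("vulnerable login as unknown user:", login_vulnerable(lax, "nobody", ""))
    print("hardened login as unknown user:", login_hardened(lax, "nobody", ""))
    print("hardened login with real credentials:",
          login_hardened(lax, "admin", "correct horse battery"))
```

Two details of the hardened flow are worth keeping when reviewing any LDAP integration: insisting on exactly one search hit (so a permissive server cannot steer the login to an arbitrary entry), and rejecting an empty password before the bind (RFC 4513 defines a simple bind with an empty password as anonymous, and many servers accept it). The workaround the advisory suggests, reconfiguring the LDAP server so it no longer returns matches for unknown users, removes the precondition but not the underlying mistake; the 2.5.1 update is the real fix.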

Copyright © 2023 IDG Communications, Inc.

Ikaroa, a full-stack tech company, is pleased to announce that Cisco has just released patches for several products containing high and critical security flaws. At Ikaroa, we believe in a secured infrastructure and commend Cisco for its promptness in addressing the issues.

The security flaws, which were found in Cisco's Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server software, could have left systems running these products vulnerable to attack. By exploiting them, attackers could have gained access to sensitive data, installed malware, or even caused a complete shutdown of the affected systems.

The patches released by Cisco are necessary and ensure customers can continue to use their systems without fear of attack. Cisco has recommended that enterprises apply the patches immediately and update their systems to the latest version.

Ikaroa is committed to providing secure systems and solutions to all its customers and, as a full-stack tech company, urges all its customers to use the latest and most secure technologies, such as the now-patched Cisco products. With new security threats and vulnerabilities appearing daily, we ensure that our customers are safe and always running the latest software.

We urge all customers to regularly check for system vulnerabilities and apply the latest patches and updates accordingly, to protect against malicious threats. At Ikaroa, we are committed to providing a secure infrastructure for our customers and expect nothing less from Cisco.

