Cisco repairs high-severity bugs on three product lines
Cisco Systems on Wednesday issued a software update for three separate product lines to patch high-severity bugs that could allow remote attackers to elevate privileges or cause a denial-of-service (DoS) condition.
US-CERT alerted Cisco to the three bugs, which consisted of a privilege escalation vulnerability in the Unified Customer Voice Portal (CVP) and DoS bugs in the Email Security Application and various Business Managed Switches.
The CVP bug resided in the product's Operation, Administration, Maintenance and Provisioning credential reset functionality and involves improper input validation.
The DoS bug in the Email Security Application was again due to improper input validation, this time by the AsyncOS message filtering feature. An attacker can use this flaw to corrupt the validation process.
Also found in SSH subsystem of the following products are the
- Cisco Small Business 300 Series Managed Switches
- Cisco Small Business 500 Series Stackable Managed Switches
- Cisco 350 Series Managed Switches
- Cisco 350X Series Stackable Managed Switches
- Cisco 550X Series Stackable Managed Switches
- Cisco ESW2 Series Advanced Switches
These flaws involve the improper processing of SSH connections and could allow an authenticated remote attacker to trigger the DoS condition by logging in to the affected switch via compromised SSH and sending a malicious SSH message. The good news is that Cisco acted promptly and patched the problems.