Cisco released security updates to address security flaws in several products including SD-WAN, Webex, Firepower, IoT Field Network Director, Identity Services Engine, and Small Business routers.
One of the flaws tracked as CVE-2019-1651 has been rated with “critical” severity, it resides in the
“A vulnerability in the
“The vulnerability is due to improper bounds checking by the
Cisco also addressed other “high severity” issues in the SD-WAN product that includes flaws that can be exploited to bypass authentication, overwrite arbitrary files, and escalate privileges. In most cases, exploitation requires the attacker to authenticate to the targeted system.
The tech giant addressed two serious issues in Cisco’s Small Business RV320 and RV325 routers. The first one could be
Cisco also fixed multiple “high severity” vulnerabilities in Webex products, including a command execution issue in the Webex Teams client, and five code execution flaws in the Windows versions of Webex Network Recording Player and Webex Player.
The flaws were reported by experts at RedTeam Pentesting firm,
Another vulnerability addressed by Cisco is a DoS issue in the Firepower firewall, it could be exploited by a remote, unauthenticated attacker. Cisco also addressed another in the Cisco IoT Field Network Director product.
The firm also addressed a privilege escalation issue affecting the Identity Services Engine that can be exploited by an attacker to obtain “super admin” permissions.
At the time, Cisco was not aware of any attack in the wild exploiting one of the flaws addressed by the security updates.
| [adrotate banner=”9″] ||[adrotate banner=”12″]|
(SecurityAffairs – Cisco, SD-WAN )
[adrotate banner=”5″] [adrotate banner=”13″]