Cisco has released security patches to fix 17 vulnerabilities affecting its networking and unified communications product lines.
The types of fixed
One of the flaws patched by the IT giant is a critical issue, tracked as CVE-2020-3158, while six vulnerabilities are rated as high severity.
The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool.
“A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account,” reads the advisory published by Cisco.
“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”
An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.
The issue could expose a sensitive portion of the system, but Cisco pointed out that the attacker would not have full administrative rights to control the device.
The vulnerability affects Cisco Smart Software Manager On-Prem releases prior to the 7-202001 version, only if the High Availability (HA) feature is enabled (HA is not enabled by default).
Cisco also addressed privilege escalation vulnerabilities in Unified Contact Center (CVE-2019-1888) and Data Center Network Manager (CVE-2020-3112). The tech giant fixed a code execution vulnerability in NFV Infrastructure Software (CVE-2020-3138) that could be exploited only by local attackers.