Cisco has released security patches to fix 17 vulnerabilities affecting its networking and unified communications product lines.
The types of fixed
One of the flaws patched by the IT giant is a critical issue, tracked as CVE-2020-3158, while six vulnerabilities are rated as high severity.
The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool.
“A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account,” reads the advisory published by Cisco.
“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”
An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.
The issue could expose a sensitive portion of the system, but Cisco pointed out that the attacker would not have full administrative rights to control the device.
The vulnerability affects Cisco Smart Software Manager On-Prem releases prior to the 7-202001 version, only if the High Availability (HA) feature is enabled (HA is not enabled by default).
Cisco also addressed privilege escalation vulnerabilities in Unified Contact Center (CVE-2019-1888) and Data Center Network Manager (CVE-2020-3112). The tech giant fixed a code execution vulnerability in NFV Infrastructure Software (CVE-2020-3138) that could be exploited only by local attackers.