Cisco Releases Security Patches for Critical Flaws Affecting its Products

Nested Applications

Asset Publisher

News

Multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure.

Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems.

SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service.

Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability — known as "PrintNightmare" — that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems.

As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets.

We are a member of First

We are a member of First

 

 

contactpic

 

 

Most Viewed Assets

null Cisco Releases Security Patches for Critical Flaws Affecting its Products

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices.


"An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company said in an advisory published yesterday. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices."


The bug, tracked as CVE-2021-1388, ranks 10 (out of 10) on the CVSS vulnerability scoring system and stems from an improper token validation in an API endpoint of Cisco ACI MSO installed the Application Services Engine. It affects ACI MSO versions running a 3.0 release of the software.
The ACI Multi-Site Orchestrator lets customers monitor and manage application-access networking policies across Cisco APIC-based devices.


Separately, the company also patched multiple flaws in Cisco Application Services Engine (CVE-2021-1393 and CVE-2021-1396, CVSS score 9.8) that could grant a remote attacker to access a privileged service or specific APIs, resulting in capabilities to run containers or invoke host-level operations, and learn "device-specific information, create tech support files in an isolated volume, and make limited configuration changes."


Both the flaws were a result of insufficient access controls for an API running in the Data Network, Cisco noted.


The networking major said the aforementioned three weaknesses were discovered during internal security testing but added it detected no malicious attempts exploiting the vulnerabilities in the wild.
Lastly, Cisco fixed a vulnerability (CVE-2021-1361, CVSS score 9.8) in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches running NX-OS, the company's network operating system used in its Nexus-branded Ethernet switches.


This could allow a bad actor to create, delete, or overwrite arbitrary files with root privileges on the device, the company cautioned, including permitting the attacker to add a user account without the device administrator's knowledge.


Cisco said Nexus 3000 and Nexus 9000 switches running Cisco NX-OS Software Release 9.3(5) or Release 9.3(6) are vulnerable by default.


"This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests," Cisco outlined in the adversary. "An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075."


The patches come weeks after Cisco rectified as many as 44 flaws in its Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user and even cause a denial-of-service condition.

Nested Applications

Contact Us

Free Call[OH]: 933

Phone Number: +251-993939270

                            +251-993531965

                            +251-944-33-68-02

E-mail: ethiocert@insa.gov.et

P.O.Box: 124498

Asset Publisher

tools

Nested Applications

Asset Publisher

values

Values

  • Trustworthiness
  • Innovation
  • Scientific
  • Democracy
  • Synergy
  • Saving