Friday, September 13, 2024

Cisco Fixes High-severity Flaws in Webex, IP Cameras and ISE

Cisco has fixed high-severity flaws in IP Cameras, Webex Teams, and Identity Services Engine that let attackers execute code remotely on an affected device.

Along with these, Cisco also fixed eleven medium-severity vulnerabilities in various Cisco devices.

Cisco Webex Windows DLL Hijacking Vulnerability

The vulnerability resides in specific DLLs in the Cisco Webex Teams client for Windows and allows an authenticated local attacker to load a malicious library.

The vulnerability is due to incorrect handling of directory paths at run time. Cisco fixed it in version 3.0.16269.0 and later; users are advised to update to a fixed version.

The high-severity vulnerability is tracked as CVE-2020-3544 and received a CVSS score of 7.8 out of 10.

IP Cameras RCE & DoS

Another high-severity security flaw resides in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras and could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload.

An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device.

Successful exploitation allows attackers to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS).

Cisco fixed the vulnerability in version 1.0.9-5 and later; users are advised to update to a fixed version.
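To check a fleet against the two fixed releases named above, the following added example (not Cisco's code or tooling) compares installed versions numerically, so that a build such as 1.0.10-1 is not misread as older than 1.0.9-5. The product labels, the inventory rows and the rule that "." and "-" both separate numeric components are assumptions made for this example.

```python
import re

# Fixed releases as stated in the article. The product keys are labels
# chosen for this example, not Cisco identifiers.
FIXED = {
    "webex-teams-windows": "3.0.16269.0",  # CVE-2020-3544 (DLL hijacking)
    "vs8000-ip-camera": "1.0.9-5",         # Cisco Discovery Protocol RCE/DoS
}

def parse_version(text):
    """Turn '3.0.16269.0' or '1.0.9-5' into a tuple of ints.
    Assumption: '.' and '-' both separate numeric components."""
    parts = re.split(r"[.\-]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(product, installed):
    """True when the installed version is at or above the fixed release."""
    fixed, have = parse_version(FIXED[product]), parse_version(installed)
    # Pad the shorter tuple with zeros so '1.0.9' compares as '1.0.9-0'.
    width = max(len(fixed), len(have))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(have) >= pad(fixed)

def audit(inventory):
    """Return (host, product, version, status) rows for (host, product, version) input.
    Status is 'patched', 'vulnerable', or 'unknown' when it cannot be decided."""
    rows = []
    for host, product, version in inventory:
        try:
            status = "patched" if is_patched(product, version) else "vulnerable"
        except (KeyError, ValueError):
            status = "unknown"  # untracked product or unparseable version
        rows.append((host, product, version, status))
    return rows

# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("ws-014", "webex-teams-windows", "3.0.15485.0"),
    ("ws-022", "webex-teams-windows", "3.0.16269.0"),
    ("cam-lobby", "vs8000-ip-camera", "1.0.9-4"),
    ("cam-dock", "vs8000-ip-camera", "1.0.10-1"),
    ("cam-roof", "vs8000-ip-camera", "unreadable"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Rows reported as "unknown" need a manual check rather than being counted as patched.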

ISE Authorization Bypass Vulnerability

The vulnerability resides in the web-based management interface of the Cisco Identity Services Engine (ISE) and could allow an authenticated, remote attacker to modify parts of the configuration on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
