Wednesday, May 22, 2024

Cisco Released Security Updates – Vulnerable Cisco Devices Let Hackers Execute an Arbitrary Code

Cisco released security updates with the fixes for several vulnerabilities that affected Cisco products that allow attackers to execute arbitrary code in vulnerable Cisco devices.

It consists of 10 vulnerabilities that affected different Cisco products in which, all the vulnerabilities are categorized under “High” severity.

A remote code execution CVE-2019-1716 vulnerability that exists in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series let an attacker execute arbitrary code with the privileges app users.

Due to improper software validation during the process of user authentication, the device could exploit by connecting to an affected device using HTTP and supplying malicious user credentials.

There is another 4 vulnerability that affected Cisco IP Phone 8800 Series including Path Traversal, Denial of Service, Authorization Bypass, Cross-Site Request Forgery.

Also Cisco Nexus 9000 Series affected a shell escape vulnerability
CVE-2019-1591 that allows a local attacker to escape a restricted shell on device.

Another vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

Cisco Released Security Updates

Cisco advised users to immediately apply these patches immediately to keep the network safe and secure.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.

Also Read:

Cisco Released Security Updates & Fixed 35 Vulnerabilities That Affected Several Cisco Products

Cisco Released Security Updates for 2 Vulnerabilities that allows Hackers to Compromise Cisco Wireless Routers

Cisco Released Security Updates & Fixed Several Vulnerabilities that Affected Cisco Products

Website

Latest articles

Hackers Claiming Access to Qatar National Bank Database

A group of hackers has claimed to have accessed the database of Qatar National...

Cloud-Based Malware Attack Abusing Google Drive & Dropbox

A phishing email with a malicious zip attachment initiates the attack. The zip contains...

OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack

OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients'...

Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

The widely used team workspace corporate wiki Confluence has been discovered to have a...

Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts

In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a...

Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments

Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident...

Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles