Sunday, February 16, 2025
HomeCiscoCisco Released Security Updates – Vulnerable Cisco Devices Let Hackers Execute an...

Cisco Released Security Updates – Vulnerable Cisco Devices Let Hackers Execute an Arbitrary Code

Published on

SIEM as a Service

Follow Us on Google News

Cisco released security updates with the fixes for several vulnerabilities that affected Cisco products that allow attackers to execute arbitrary code in vulnerable Cisco devices.

It consists of 10 vulnerabilities that affected different Cisco products in which, all the vulnerabilities are categorized under “High” severity.

A remote code execution CVE-2019-1716 vulnerability that exists in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series let an attacker execute arbitrary code with the privileges app users.

Due to improper software validation during the process of user authentication, the device could exploit by connecting to an affected device using HTTP and supplying malicious user credentials.

There is another 4 vulnerability that affected Cisco IP Phone 8800 Series including Path Traversal, Denial of Service, Authorization Bypass, Cross-Site Request Forgery.

Also Cisco Nexus 9000 Series affected a shell escape vulnerability
CVE-2019-1591 that allows a local attacker to escape a restricted shell on device.

Another vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

Cisco Released Security Updates

Cisco advised users to immediately apply these patches immediately to keep the network safe and secure.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.

Also Read:

Cisco Released Security Updates & Fixed 35 Vulnerabilities That Affected Several Cisco Products

Cisco Released Security Updates for 2 Vulnerabilities that allows Hackers to Compromise Cisco Wireless Routers

Cisco Released Security Updates & Fixed Several Vulnerabilities that Affected Cisco Products

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Cl0p Ransomware Hide Itself on Compromised Networks After Exfiltrate the Data

The Cl0p ransomware group, a prominent player in the cybercrime landscape since 2019, has...

Ratatouille Malware Bypass UAC Control & Exploits I2P Network to Launch Cyber Attacks

A newly discovered malware, dubbed "Ratatouille" (or I2PRAT), is raising alarms in the cybersecurity...

Hackers Exploit 3,000 ASP.NET Machine Keys to Hack IIS Web Servers Remotely

Microsoft has raised alarms about a new cyber threat involving ViewState code injection attacks...