Cisco released security updates with the fixes for several vulnerabilities that affected Cisco products that allow attackers to execute arbitrary code in vulnerable Cisco devices.
It consists of 10 vulnerabilities that affected different Cisco products in which, all the vulnerabilities are categorized under “High” severity.
A remote code execution CVE-2019-1716 vulnerability that exists in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series let an attacker execute arbitrary code with the privileges app users.
Due to improper software validation during the process of user authentication, the device could exploit by connecting to an affected device using HTTP and supplying malicious user credentials.
There is another 4 vulnerability that affected Cisco IP Phone 8800 Series including Path Traversal, Denial of Service, Authorization Bypass, Cross-Site Request Forgery.
Also Cisco Nexus 9000 Series affected a shell escape vulnerability
CVE-2019-1591 that allows a local attacker to escape a restricted shell on device.
Another vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.
Cisco advised users to immediately apply these patches immediately to keep the network safe and secure.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.
Also Read:
Cisco Released Security Updates & Fixed 35 Vulnerabilities That Affected Several Cisco Products
Cisco Released Security Updates & Fixed Several Vulnerabilities that Affected Cisco Products
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…