Cisco released security updates with fixes for several products, including Cisco Nexus 9000 Series Fabric Switches, which are affected by a critical SSH key vulnerability that allows remote attackers to gain access to the affected system.
A critical vulnerability (CVE-2019-1804) in the SSH key pair used by the software’s Secure Shell (SSH) key management function allows attackers to discover the pairing and connect to a vulnerable Nexus 9000 Series device remotely.
An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials.
Additionally, Cisco patched 22 high-severity flaws and 18 medium-severity flaws that affected various other Cisco products.
Another high-severity vulnerability (CVE-2019-1803), which affected Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software, could allow an authenticated, local attacker with administrator rights to gain elevated privileges.
A command injection vulnerability (CVE-2019-1816) that affected Cisco Web Security Appliance (WSA) lets a local attacker exploit the bug and elevate privileges to root.
“Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition.”
Cisco advised users to apply these patches immediately to keep the network safe and secure.