Thursday, November 30, 2023

Multiple Cisco Services Engine Flaws Let Attackers Upload Arbitrary Files

Multiple vulnerabilities have been discovered in the Cisco Services Engine associated with Arbitrary File Upload and Denial of Service assigned with CVEs CVE-2023-20195, CVE-2023-20196, and CVE-2023-20213.

The severity for these vulnerabilities ranges between 4.3 (Medium) and 4.7 (Medium).

These vulnerabilities were identified in the Cisco Identity Services Engine, which is an identity and access control policy platform that can be used to enforce compliance, enhance infrastructure security, and streamline service operations.

However, Cisco has released a security advisory and patches for fixing these vulnerabilities. 

CVE-2023-20195 and CVE-2023-20196: Cisco ISE Arbitrary File Upload Vulnerabilities

An authenticated threat actor can leverage these two vulnerabilities to upload arbitrary files to an affected device. However, as a prerequisite, the threat actors must have valid Administrator credentials on the affected device.

Document
FREE Trial

Patch Manager Plus to Patch Over 850 Third-party Applications.

Patch Manager Plus, our all-around patching solution, offers automated patch deployment for Windows, macOS, and Linux endpoints, along with patching support for 950+ third-party updates across 850+ third party applications..

These vulnerabilities exist due to improper validation of files uploaded to the web-based management interface, which can be abused by uploading crafted files. The severity of these vulnerabilities has been given as 4.7 (Medium).

CVE-2023-20213: Cisco ISE CDP Denial of Service Vulnerability

This vulnerability exists on the CDP (Cisco Discovery Protocol) processing feature of Cisco ISE, which an authenticated threat actor can use to cause a denial of service (DoS) condition of the CDP process.

Cisco CDP is used to check which Cisco port is connected to a certain vSwitch along with properties of the Cisco switch such as the software version and device ID. The severity of this vulnerability has been given as 4.3 (Medium).

Affected Products

Cisco ISE ReleaseFirst Fixed Release for CVE-2023-20195and CVE-2023-20196First Fixed Release for CVE-2023-20213
2.6 and earlierMigrate to a fixed release.Migrate to a fixed release.
2.72.7P102.7P10
33.0P83.0P7
3.13.1P8 (Nov 2023)3.1P6
3.23.2P33.2P2
3.3Not vulnerable.Not vulnerable.

It is recommended for users of these products to upgrade to fixed versions to prevent these vulnerabilities from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Website

Latest articles

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

CISA Warns Hackers Exploiting Wastewater Systems Logic Controllers

In a disconcerting turn of events, cyber threat actors have set their sights on...

Zyxel Command Injection Flaws Let Attackers Run OS Commands

Three Command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products,...

North Korean Hackers Attacking macOS Using Weaponized Documents

Hackers often use weaponized documents to exploit vulnerabilities in software, which enables the execution...

Most Popular Websites Still Allow Users To Have Weak Passwords

The latest analysis shows that tens of millions of people are creating weak passwords...

Chrome Zero-Day Vulnerability That Exploited In The Wild

Google has fixed the sixth Chrome zero-day bug that was exploited in the wild this...
Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles