Patch/Configuration Management

Cisco Issues Patches for Multiple Security Flaws

Patches have been issued by Cisco for several security flaws impacting its products, the most severe of which are a pair of critical vulnerabilities in the Smart Licensing Utility, tracked as CVE-2024-20439 and CVE-2024-20440, reports SecurityWeek.

Threat actors could leverage CVE-2024-20439 via static credentials to facilitate the compromise of targeted systems with administrative privileges while intrusions involving CVE-2024-20440 could enable the acquisition of log files with credentials and other sensitive details, according to an advisory from Cisco.

Also addressed by Cisco were a high-severity code execution vulnerability in the Meraki Systems Manager agent for Windows, as well as medium-severity bugs in Duo Epic for Hyperdrive, Expressway Edge, and the Identity Services Engine.

Abuse of the ISE flaw, tracked as CVE-2024-20469, could permit operating system command injections and privilege escalation. "This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command," said Cisco.

You can skip this ad in 5 seconds

Cookies

This website uses cookies to improve your experience, provide social media features and deliver advertising offers that are relevant to you.

If you continue without changing your settings, you consent to our use of cookies in accordance with our privacy policy. You may disable cookies.