Cisco has released patches for sixteen vulnerabilities across its products, including one rated critical, six high severity, and nine medium risk.
The critical vulnerability impacts Cisco’s Smart Software Manager On-Prem licensing solution (previously known as Smart Software Manager satellite) and could allow a remote, unauthenticated attacker to access system data with high privileges.
Cisco explains that the issue is the result of a system account with a default and static password, but which is not under the control of the system administrator.
An attacker could use the account to gain read and write access to system data, including the configuration of affected devices. However, they would not have full control of the device, the company explains.
Tracked as CVE-2020-3158 and featuring a CVSS score of 9.8, the flaw impacts Cisco Smart Software Manager On-Prem releases earlier than 7-202001, but only if the High Availability (HA) feature is enabled.
The first of the high severity bugs addressed this week impacts Unified Contact Center Express (Unified CCX) and could allow an attacker with valid administrative credentials to upload arbitrary files and execute commands on the underlying operating system (CVE-2019-1888).
A high risk flaw (CVE-2019-1736) patched in UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass UEFI Secure Boot validation checks and load their own software image on an affected device.
The issue impacts Firepower Management Center (FMC) 1000, 2500, and 4500, Secure Network Server 3500 and 3600 Series Appliances, and Threat Grid 5504 Appliance, if they run a vulnerable BIOS version and a vulnerable Integrated Management Controller (IMC) firmware.
Cisco also fixed a vulnerability (CVE-2019-1983) in the email message filtering feature of AsyncOS Software for Email Security Appliance (ESA) and Content Security Management Appliance (SMA) th ..
Support the originator by clicking the read the rest link below.
