Among them are three for critical authentication bypass flaws.
Cisco celebrated the new year by dropping patches for 12 vulnerabilities. The patches include fixes for three critical authentication bypass flaws, two command injection vulnerabilities, a pair of SQL injection vulnerabilities, three path traversal vulnerabilities, a vulnerability in the Data Center Network Manager (DCNM) JBoss Enterprise Application Platform (EAP), and an XML external entity vulnerability.
Satnam Narang, senior research engineer at Tenable, wrote a blog post in which he pointed out that the three authentication bypass flaws are among the most severe, largely because they act as gateways to exploiting the other vulnerabilities.
Eleven of the vulnerabilities were discovered by Steven Seeley of Source Incite, while the 12th was reported by Harrison Neal of PatchAdvisor.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "SIM Swapping Attacks: What They Are & How to Stop Them."
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024