Cisco Drops a Dozen Vulnerability Patches
Among them are three for critical authentication bypass flaws.
Cisco celebrated the new year by dropping patches for 12 vulnerabilities. The patches include fixes for three critical authentication bypass flaws, two command injection vulnerabilities, a pair of SQL injection vulnerabilities, three path traversal vulnerabilities, a vulnerability in the Data Center Network Manager (DCNM) JBoss Enterprise Application Platform (EAP), and an XML external entity vulnerability.
Satnam Narang, senior research engineer at Tenable, wrote a blog post in which he pointed out that the three authentication bypass flaws are among the most severe, largely because they act as gateways to exploiting the other vulnerabilities.
Eleven of the vulnerabilities were discovered by Steven Seeley of Source Incite, while the 12th was reported by Harrison Neal of PatchAdvisor.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "SIM Swapping Attacks: What They Are & How to Stop Them."
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024