Cisco celebrated the new year by dropping patches for 12 vulnerabilities. The patches include fixes for three critical authentication bypass flaws, two command injection vulnerabilities, a pair of SQL injection vulnerabilities, three path traversal vulnerabilities, a vulnerability in the Data Center Network Manager (DCNM) JBoss Enterprise Application Platform (EAP), and an XML external entity vulnerability.
Satnam Narang, senior research engineer at Tenable, wrote a blog post in which he pointed out that the three authentication bypass flaws are among the most severe, largely because they act as gateways to exploiting the other vulnerabilities.
Eleven of the vulnerabilities were discovered by Steven Seeley of Source Incite, while the 12th was reported by Harrison Neal of PatchAdvisor.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "SIM Swapping Attacks: What They Are & How to Stop Them."