Cisco announced 26 vulnerabilities over the last two days, three critical

News by Robert Abel

Cisco also notified users of a remote command execution vulnerability in several of its routers that can allow a remote attacker to execute arbitrary code on an affected device

Cisco announced 26 vulnerabilities this week, including two critical flaws affecting core equipment that could grant attackers an avenue into networks.

The vulnerabilities, CVE-2019-1625 and CVE-2019-1848, are a Cisco SD-WAN Solution privilege escalation vulnerability and a Cisco DNA Center authentication bypass vulnerability, respectively.

The privilege escalation vulnerability, CVE-2019-1625, is caused by insufficient authorisation enforcement and could allow an attacker to make configuration changes to the system as the root user.

The authentication bypass vulnerability, CVE-2019-1848, is caused by insufficient access restriction to ports necessary for system operation and could allow an attacker to reach internal services that are not hardened for external access.

Cisco also notified users of a remote command execution vulnerability in several of its routers that can allow a remote attacker to execute arbitrary code on an affected device.

This article was originally published on SC Media US.
