Cisco releases updates, one 'Critical,' two 'High' severity ratings

News by Robert Abel

Cisco released security updates for multiple products, some of which contain vulnerabilities that, if exploited, would allow an attacker to take control of an affected system.

The patches include fixes for a Cisco Vision Dynamic Signage Director REST API Authentication bypass vulnerability, FindIT Network Management Software static credentials vulnerability, and an IOS Access Points Software 802.11r Fast Transition denial-of-service vulnerability, according to an 18 July security alert.

The REST API authentication bypass vulnerability is rated "Critical". It results from insufficient validation of HTTP requests, and a successful exploit could allow an attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system.

The other two vulnerabilities are rated "High". The DoS vulnerability is caused by incomplete error handling for client authentication requests sent to a targeted interface configured for 802.11r Fast Transition (FT). The static credentials vulnerability is caused by the presence of an account with static credentials in the underlying Linux operating system.

Those affected should update their systems as soon as possible.

This article was originally published by SC Media US.
