Cisco announced 26 vulnerabilities over the last two days, three critical

Cisco announced 26 vulnerabilities over the last two days, including two critical flaws affecting core equipment that could grant attackers an avenue into networks.

The vulnerabilities, CVE-2019-1625 and CVE-2019-1848, were a Cisco SD-WAN Solution privilege escalation vulnerability and a Cisco DNA Center authentication bypass vulnerability, respectively.

The privilege escalation vulnerability, CVE-2019-1625, is caused by insufficient authorization enforcement and could allow an attacker to make configuration changes to the system as the root user.

The authentication bypass vulnerability, CVE-2019-1848, is caused by insufficient access restriction to ports necessary for system operation and could allow an attacker to reach internal services that are not hardened for external access.

Cisco also notified users of a remote command execution vulnerability in several of its routers that can allow a remote attacker to execute arbitrary code on an affected device.
