Cisco released security updates for multiple products, some of which contain vulnerabilities that if exploited would allow an attacker to take control of an affected system.
The patches include fixes for a Cisco Vision Dynamic Signage Director REST API Authentication bypass vulnerability, FindIT Network Management Software static credentials vulnerability, and an IOS Access Points Software 802.11r Fast Transition denial-of-service vulnerability, according to a July 18 security alert.
The API Authentication bypass vulnerability is rated “Critical” and is the result of insufficient validation of HTTP requests and a successful exploit could allow an attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system.
The other two vulnerabilities are rated “High” with the DoS vulnerability caused by a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. The static credentials vulnerability was caused by the presence of an account with static credentials in the underlying Linux operating system.
Those affected should update their systems as soon as possible.