CISCO fixed severe vulnerabilities in Network Management and Security Products

Cisco released security patches for some of its products that fix critical and high-severity flaws that could be remotely exploited by hackers.

Cisco has released security patches for a number of high-severity vulnerabilities in its management and other security products.

One of the flaws, a critical vulnerability in the Cisco Prime Collaboration Provisioning (CVE-2016-1416), could be exploited by a remote attacker to bypass authentication and gain full administrator privileges on the affected system.

The vulnerability affects Cisco Prime Collaboration Provisioning version 10.6 when SP2 is installed.

“A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.” states the security advisory published by Cisco. “The vulnerability is due to an improper implementation of LDAP authentication. An attacker could exploit this vulnerability by logging into a targeted device that is configured for LDAP authentication. Successful exploitation of this vulnerability could grant the attacker full administrator privileges.” 

Cisco has released software updates, available in the Cisco Software Center, to fix the flaw.

Cisco also fixed another critical vulnerability (CVE-2016-1289) that affected the API of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). A remote attacker can exploit the flaw to abuse the API and upload malicious code to the application server or access management data, such as login credentials.

The flaw is due to the improper input validation of HTTP requests for unauthenticated URIs.

The attacker could exploit it by sending a specially crafted HTTP request to the affected URIs.

“The vulnerability is due to improper input validation of HTTP requests for unauthenticated URIs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected URIs. Successful exploitation of this vulnerability could allow the attacker to upload malicious code to the application server or read unauthorized management data, such as credentials of devices managed by Cisco Prime Infrastructure or EPNM.” reads the Cisco advisory, which also confirms that the security issue impacts Prime Infrastructure versions 1.2 through 3.0, and EPNM version 1.2.

The IT giant also announced that the Firepower software running on some FirePOWER, Adaptive Security Appliance (ASA), Advanced Malware Protection (AMP), and Virtual Next-Generation Intrusion Prevention System products is plagued by a high severity flaw (CVE-2016-1394).

The software includes a user account with a default and static password that could be exploited by a remote attacker to log in to the device.

Cisco was also informed by Daniel Jensen from Security-Assessment.com of a medium-severity remote code execution vulnerability in Prime Infrastructure and EPNM. The company's experts are working to fix it; fortunately, it could be exploited only by an authenticated attacker.

Pierluigi Paganini

(Security Affairs – Security updates, network security)