Cisco fixes a static default credential issue in Smart Software Manager tool


Cisco has released security updates to address 17 vulnerabilities affecting its networking and unified communications product lines.

The types of fixed vulnerabilities include remote access and code execution, elevation of privilege, denial of service, and cross-site request forgeries.

One of the flaws patched by the IT giant is a critical issue, tracked as CVE-2020-3158, while six of the vulnerabilities are rated high severity.

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool.

“A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account.” reads the advisory published by Cisco.

“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.

The issue could expose a sensitive portion of the system, but Cisco pointed out that the attacker would not have full administrative rights to control the device.

The vulnerability affects Cisco Smart Software Manager On-Prem releases prior to the 7-202001 version, only if the High Availability (HA) feature is enabled (HA is not enabled by default).
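To make the bug class concrete, here is an added illustration (not Cisco's code; the account name, password, endpoint and class names are invented) contrasting a service account whose password is fixed at build time and outside the administrator's control with one whose secret is generated per installation, stored only as a hash, and rotatable by the administrator:

```python
"""Hard-coded service account vs. per-install secret (illustrative only).

Models the bug class behind CVE-2020-3158: an internal service (here a
hypothetical HA peer endpoint) trusts a system account whose password is
fixed at build time and cannot be changed by the administrator. Nothing
here is Cisco's code; all names and values are constructed.
"""
import hashlib
import hmac
import secrets

# --- Vulnerable pattern: credential baked into the shipped image ---------
# Constructed placeholder values; not a real account or password.
_BUILT_IN_ACCOUNTS = {"ha-sync": "ha-sync-default-2019"}


def authenticate_vulnerable(username: str, password: str) -> bool:
    """Accepts the build-time default on every installation.

    Because the secret is a constant in the code, anyone who extracts it
    from the image can log in to every deployment, and the administrator
    has no way to rotate or disable it.
    """
    expected = _BUILT_IN_ACCOUNTS.get(username)
    return expected is not None and expected == password


# --- Hardened pattern: per-install secret, admin-controlled --------------
class HaPeerAuth:
    """HA peer authentication backed by an installation-unique secret.

    The secret is minted at provisioning time (and on every rotation),
    only its salted PBKDF2 hash is kept, and the plaintext is returned
    once so it can be delivered to the peer out of band.
    """

    _ITERATIONS = 100_000  # PBKDF2 work factor; tune for the platform

    def __init__(self) -> None:
        self._salt = secrets.token_bytes(16)
        self._digest = b""  # nothing authenticates until rotate() is called

    @classmethod
    def _derive(cls, secret: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, cls._ITERATIONS)

    def rotate(self) -> str:
        """Mint a fresh random secret, store only its hash, return plaintext once."""
        secret = secrets.token_urlsafe(32)
        self._salt = secrets.token_bytes(16)
        self._digest = self._derive(secret, self._salt)
        return secret

    def authenticate(self, candidate: str) -> bool:
        """Constant-time check of the candidate against the stored hash."""
        return hmac.compare_digest(self._derive(candidate, self._salt), self._digest)


def demo() -> dict:
    """Run both patterns on constructed inputs and report the outcomes."""
    peer = HaPeerAuth()
    installed_secret = peer.rotate()  # handed to the HA peer out of band
    default_pw = _BUILT_IN_ACCOUNTS["ha-sync"]
    results = {
        "vulnerable_accepts_default": authenticate_vulnerable("ha-sync", default_pw),
        "hardened_rejects_default": not peer.authenticate(default_pw),
        "hardened_accepts_installed": peer.authenticate(installed_secret),
    }
    peer.rotate()  # administrator rotates; the old secret stops working
    results["old_secret_dead_after_rotate"] = not peer.authenticate(installed_secret)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point of the hardened form is not the hashing itself but ownership: the secret exists only on the installation that generated it, and the administrator can rotate it, which is exactly the control Cisco's advisory says was missing for the affected system account.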

Cisco also addressed privilege escalation vulnerabilities in Unified Contact Center (CVE-2019-1888) and Data Center Network Manager (CVE-2020-3112). The tech giant also fixed a code execution vulnerability in NFV Infrastructure Software (CVE-2020-3138) that can only be exploited by local attackers.

The list of addressed flaws includes two DoS vulnerabilities in the Cisco Email Security Appliance, tracked as CVE-2019-1947 and CVE-2019-1983.

The remaining flaws patched by the company are a SQL injection in Cloud Web Security (CVE-2020-3154) and remote code execution bugs in the Cisco IP Phone (CVE-2020-3111).


Pierluigi Paganini

(SecurityAffairs – hacking)
