Oi, Cisco! Who left the ‘high privilege’ login for Smart Software Manager just sitting out in the open?


  • Author
    Posts
    • #41319
      Telegram SmartBoT
      Moderator
      • Topic 5959
      • Replies 0
      • posts 5959
        @tgsmartbot

        #News(Security) [ via IoTGroup ]



        Cisco has released fixes to address 17 vulnerabilities across its networking and unified communications lines.
        The bundle includes one fix for a critical issue and six patches for bugs deemed high-risk vulnerabilities.
        They include remote access and code execution, elevation of privilege, denial of service, and cross-site request forgeries.
        The lone critical bulletin is for CVE-2020-3158, a bug caused by the presence of a high-privilege account with a static password present in the Cisco Smart Software Manager tool.
        “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator,” Cisco said.
        “An attacker could exploit this vulnerability by using this default account to connect to the affected system.”
        Because Smart Software Manager handles software licenses and keys, there’s not a massive risk to sensitive corporate data from this flaw.
        But an unremovable high-privilege account with a static password is not something anyone wants, so it’s recommended that admins update their software to scrub the static account ASAP.
        Also addressed in this Switchzilla patch bundle were privilege escalation bugs in Unified Contact Center (CVE-2019-1888) and Data Center Network Manager (CVE-2020-3112), along with a code execution bug in NFV Infrastructure Software (CVE-2020-3138) that requires local access.
        While denial of service flaws generally are not considered a big risk, they become much more serious when found in network security appliances.
        Such is the case with CVE-2019-1947 and CVE-2019-1983, both in the Cisco Email Security Appliance.
        Other, less serious flaws include SQL injection in Cloud Web Security (CVE-2020-3154) and remote code execution bugs in the Cisco IP Phone (CVE-2020-3111).


        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019
