Home / News / Cisco fixed dangerous vulnerabilities in its industrial and enterprise solutions

Cisco fixed dangerous vulnerabilities in its industrial and enterprise solutions

Cisco eliminated two dangerous vulnerabilities affecting the update feature in the Cisco Industrial Network Director (IND) software package and the Cisco Unified Presence Platform Authorization Service (Cisco Unified CM IM & P Service, Cisco VCS, and Cisco Expressway).

Cisco IND is a solution for managing industrial automation systems, and Cisco Unified Presence is a corporate platform that provides collection of information about the current state of customers’ availability and the ability to connect to customers in alternative ways.

The Cisco IND software contains a vulnerability (CVE-2019-1861) that allows an authorized attacker to execute code on devices with running vulnerable software. The problem related to incorrect verification of files uploaded to the application. The vulnerability affects Cisco IND versions up to 1.6.0.

The Cisco Unified Presence Solution is subject to a vulnerability (CVE-2019-1845), through which an unauthorized attacker can remotely initiate a denial of service during the authorization process of users on vulnerable servers.

The problem is caused by insufficient control in certain memory operations.

Read also: 6 Dangerous Vulnerabilities Fixed In GOG Game Client

An attacker can exploit a bug by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) authorization requests to a vulnerable system. A successful attack will result in an unexpected restart of the authentication service and the inability to log in.

Issue resolved in Cisco Expressway Series and Cisco TelePresence VCS X12.5.3 and later.

Currently, exploitation of the described above vulnerabilities have not been identified.

Source: https://www.bleepingcomputer.com

[Total: 0    Average: 0/5]
READ  Google let loose ad blocking policy for Chrome extensions

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

League of Entropy

Cloudflare launches global service to generate random numbers streams

Cloudflare announced launching League of Entropy to generate random number streams that government and other …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.