Cisco fixed dangerous vulnerabilities in its industrial and enterprise solutions

Cisco eliminated two dangerous vulnerabilities affecting the update feature in the Cisco Industrial Network Director (IND) software package and the Cisco Unified Presence Platform Authorization Service (Cisco Unified CM IM & P Service, Cisco VCS, and Cisco Expressway).

Cisco IND is a solution for managing industrial automation systems, and Cisco Unified Presence is a corporate platform that collects information about customers' current availability and makes it possible to reach them in alternative ways.

The Cisco IND software contains a vulnerability (CVE-2019-1861) that allows an authorized attacker to execute code on devices running the vulnerable software. The problem is related to incorrect verification of files uploaded to the application. The vulnerability affects Cisco IND versions up to 1.6.0.

The Cisco Unified Presence Solution is subject to a vulnerability (CVE-2019-1845) through which an unauthorized attacker can remotely cause a denial of service during the authorization process of users on vulnerable servers.

The problem is caused by insufficient control in certain memory operations.

An attacker can exploit the bug by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) authorization requests to a vulnerable system. A successful attack will result in an unexpected restart of the authentication service and the inability to log in.

The issue is resolved in Cisco Expressway Series and Cisco TelePresence VCS X12.5.3 and later.

Currently, no exploitation of the vulnerabilities described above has been identified.

Source: https://www.bleepingcomputer.com

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
