The weakness exists because a user-supplied Java byte stream is insecurely deserialized, allowing attackers to send crafted serialized objects to trigger the exploitation.

“A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root,” Cisco explains, noting that the exploitation risk is lower for FMC management interfaces that are not accessible from the internet.

On Wednesday, Cisco also announced fixes for nine high-severity vulnerabilities in the ASA Firewall, Secure FMC, and Secure FTD appliances, which could be exploited to conduct SQL injection attacks, cause denial-of-service (DoS) conditions, and read, create, or overwrite sensitive files.

The remaining three dozen flaws addressed in Cisco’s enterprise networking appliances are medium-severity issues.

Cisco also announced patches for medium-severity security defects in Webex and ClamAV. Additional information can be found on Cisco’s security advisories page.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Users are advised to update their deployments as soon as possible.


Source: SecurityWeek