Vulnerability Management, Patch/Configuration Management, Application security

Multiple Cisco product vulnerabilities addressed

Share
A sign with the Cisco logo is seen outside of a building

Patches have been issued by Cisco for several security flaws impacting its products, the most severe of which are a pair of critical vulnerabilities in the Smart Licensing Utility, tracked as CVE-2024-20439 and CVE-2024-20440, reports SecurityWeek.

Threat actors could leverage CVE-2024-20439 via static credentials to facilitate the compromise of targeted systems with administrative privileges while intrusions involving CVE-2024-20440 could enable the acquisition of log files with credentials and other sensitive details, according to an advisory from Cisco. Also addressed by Cisco were a high-severity code execution vulnerability in the Meraki Systems Manager agent for Windows, as well as medium-severity bugs in Duo Epic for Hyperdrive, Expressway Edge, and the Identity Services Engine. Abuse of the ISE flaw, tracked as CVE-2024-20469, could permit operating system command injections and privilege escalation. "This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command," said Cisco.

Multiple Cisco product vulnerabilities addressed

Threat actors could leverage CVE-2024-20439 via static credentials to facilitate the compromise of targeted systems with administrative privileges while intrusions involving CVE-2024-20440 could enable the acquisition of log files with credentials and other sensitive details.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.