Patches have been issued by Cisco for several security flaws impacting its products, the most severe of which are a pair of critical vulnerabilities in the Smart Licensing Utility, tracked as CVE-2024-20439 and CVE-2024-20440, reports SecurityWeek.
Threat actors could leverage CVE-2024-20439 via static credentials to facilitate the compromise of targeted systems with administrative privileges while intrusions involving CVE-2024-20440 could enable the acquisition of log files with credentials and other sensitive details, according to an advisory from Cisco. Also addressed by Cisco were a high-severity code execution vulnerability in the Meraki Systems Manager agent for Windows, as well as medium-severity bugs in Duo Epic for Hyperdrive, Expressway Edge, and the Identity Services Engine. Abuse of the ISE flaw, tracked as CVE-2024-20469, could permit operating system command injections and privilege escalation. "This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command," said Cisco.