Cisco Fixes High-severity Flaws in Webex, IP Cameras and ISE

Together with this Cisco also fixes eleven medium-severity vulnerabilities in numerous Cisco gadgets.

Cisco fixes high-security flaws with IP Cameras, Webex Teams, and Identity Providers Engine let assaulters execute remotely on an affected device.

Cisco Webex Windows DLL Hijacking Vulnerability

The vulnerability is due to incorrect handling of directory site paths at run time, Cisco repaired the vulnerability with 3.0.16269.0, and later on, users are suggested to upgrade with the repaired variation.

The high-severity vulnerability can be tracked as CVE-2020-3544 and received a CVSS score of 7.8 out of 10.

The vulnerability resides with specific DLLs in the Cisco Webex Teams customer for Windows permit an authenticated local assaulter to pack a harmful library.

IP Cameras RCE & & DoS

An assailant might exploit this vulnerability by sending a destructive Cisco Discovery Protocol packet to an afflicted gadget.

Successful exploitation enables attackers to execute code on the affected IP electronic camera or cause it to reload suddenly, leading to a denial of service (DoS).

Another high-severity security defect resides with Cisco Discovery Protocol execution for Cisco Video Surveillance 8000 Series IP Cameras could enable an unauthenticated, nearby aggressor to perform arbitrary code on an affected device or cause the device to refill.

Cisco repaired the vulnerability with 1.0.9-5 and later, users are recommended to update with a fixed variation.

ISE Authorization Bypass Vulnerability

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

The vulnerability resides in the web-based management user interface of the Cisco Identity Services Engine (ISE) might permit an authenticated, remote aggressor to customize parts of the configuration on an affected gadget.

Cisco has actually released software updates that address this vulnerability. There are no workarounds that resolve this vulnerability.

Check out

Cisco Warns Hackers Actively Exploited Bug in Carrier-grade Routers