Security updates have been released by Cisco in regard to three critical vulnerabilities with a CVSS score of 9.8. The flaws were labeled as CVE-2019-1821, CVE-2019-1822, and CVE-2019-1823. The latter two need an attacker to provide valid credentials to allow them to exploit the flaws. Network access to the vulnerable interface is all it took for CVE-2019-1821 to be exploited. Cisco security advisory read, “These vulnerabilities exist because the software improperly validates user-supplied input. An attacker could exploit these vulnerabilities by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.” Although some users may still have been affected, Cisco advised all users of the platform to download the updates immediately.
Analyst Notes
As previously stated above, security updates should be implemented as soon as possible. If this is not done, it could leave the networks it manages in shambles because of remote code execution of malicious programs. At this time, there are no other workarounds and users must simply wait for information to be released.
