Threat Watch

Critical Security Flaws Found in Cisco’s Prime Infrastructure Platform; Patches Released

Security updates have been released by Cisco in regard to three critical vulnerabilities with a CVSS score of 9.8. The flaws were labeled as CVE-2019-1821, CVE-2019-1822, and CVE-2019-1823. The latter two need an attacker to provide valid credentials to allow them to exploit the flaws. Network access to the vulnerable interface is all it took for CVE-2019-1821 to be exploited. Cisco security advisory read, “These vulnerabilities exist because the software improperly validates user-supplied input. An attacker could exploit these vulnerabilities by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.” Although some users may still have been affected, Cisco advised all users of the platform to download the updates immediately.

 

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As previously stated above, security updates should be implemented as soon as possible. If this is not done, it could leave the networks it manages in shambles because of remote code execution of malicious programs. At this time, there are no other workarounds and users must simply wait for information to be released.

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support