Cisco patched three vulnerabilities in three products this week that if exploited, could have resulted in a denial of service, crash, and in some instances, arbitrary and remote code execution.
According to security advisories published Wednesday, each of the vulnerabilities are branded “high” severity by Cisco.
One of the issues, an XML External Entity (XXE) vulnerability, exists in versions 1.1 through 3.1.6 of Cisco’s Prime Infrastructure software. The vulnerability is dependent on an admin getting tricked into importing a malicious XML file. By doing so in the web-based user interface Cisco says an authenticated, remote attacker could achieve read and write access to data stored in vulnerable systems, or perform remote code execution.
Full Article.
Take a look at the best antivirus, anti-malware, anti-spy, etc. software
Powered by WPeMatico