Critical Cisco Bugs Patched — With a Little “Forever Day” Left Over


“A world wide web service reachable from our authentication bypass has a by-design characteristic allowing an authenticated attacker to execute arbitrary code as root”

He’s at it yet again: Aussie security researcher Steven Seeley has exposed nine additional security vulnerabilities in Cisco gear, including a “critical” RCE bug in the API of Cisco’s UCS Director tool — the company’s “high protected [sic], finish-to-finish administration, orchestration and automation solution” for data centres.

As Cisco puts it: “A vulnerability in the REST API of Cisco UCS Director and UCS Director Specific for Massive Information [a Hadoop deployment tool] could enable an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an influenced machine.”

The critical Cisco bugs, patched Friday (administrators need to update post haste), include a vulnerability with a CVSS score of 9.8 that — by chaining jointly
