Latest


CERT-In finds multiple vulnerabilities in Cisco products, advises users to update

  •   Sun, May 19 2024 08:06:40 PM

New Delhi, May 19 (IANS): The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, has issued an advisory over two serious vulnerabilities in networking giant Cisco products that could allow attackers to elevate privileges to root on the underlying operating system.

The vulnerabilities reported in the company's product 'ConfD CLI' could allow the authenticated, low-privileged, local attacker "to read and write arbitrary files as root or elevate privileges to root on the underlying operating system", CERT-In said in its latest advisory.

The 'Arbitrary File Read and Write Vulnerability' exists in ConfD CLI due to improper authorisation enforcement when specific CLI commands are used.

"An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments," the cyber agency said.

It also mentioned that the successful exploitation of this vulnerability could allow "the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user".

The second vulnerability 'Privilege Escalation' exists in the affected product due to an incorrect privilege assignment when specific CLI commands are used.

According to the cyber agency, an attacker could exploit this vulnerability by executing an affected CLI command. In addition, CERT-In advised users to apply appropriate updates as released by Cisco.

 
  

Top Stories


Leave a Comment

Title: CERT-In finds multiple vulnerabilities in Cisco products, advises users to update



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.

You might also like