Cisco Patches Code and Command Execution Vulnerabilities in Several Products

06-Apr-23

This week, Cisco released updates for a number of flaws affecting several of its products, including Secure Network Analytics and Identity Services Engine (ISE). Cisco has addressed the Secure Network Analytics issue in Secure Network Analytics 7.4.1-Patch SMC Rollup #5.

The first flaw, identified as CVE-2023-20102, is characterised as incomplete sanitization of user-provided data that is parsed into memory. An authorised remote attacker could execute arbitrary code on a vulnerable device by sending specially crafted HTTP requests to it. The technology behemoth also released updates addressing faulty parameter validation in Cisco ISE that might result in privilege escalation.
