Multiple bugs in Cisco products, CERT-In

Arathi Nair June 23, 2022
Updated 2022/06/24 at 8:00 AM

On Monday, the IT Ministry’s Indian Computer Emergency Response Team (CERT-In) released a warning about three critical Cisco networking flaws that could allow hackers to enter networks, compromise computer systems, and steal data.

Flaws in devices such as routers and email/web managers could expose affected systems to denial-of-service attacks, unauthorized access, and arbitrary command execution. “An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device,” the cyber agency said.

Another flaw, a “Denial of Service Vulnerability,” exists in the web-based administration interface of Cisco small business routers due to inadequate user input validation of incoming HTTP packets. It could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code on an affected device.

“An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands on an affected device using root-level privileges,” CERT-In said.

The third vulnerability, known as an “Information Disclosure Vulnerability,” has also been identified in Cisco Secure Email and Web Manager’s web management interface. If exploited, this vulnerability could give an attacker access to sensitive data, including user credentials from an external authentication server.

“To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials,” said CERT-In.

The cyber agency published an advisory last week about a number of flaws in Adobe and Citrix products that may be used by hackers to access computer systems. The flaws were found in Adobe products such as InDesign (along with previous versions for Windows and macOS).
