CERT-In warns about more bugs in Cisco products
In less than 10 days, the Indian Computer Emergency Response Team (CERT-In) issued another advisory over serious vulnerabilities in networking major Cisco products that could help hackers gain access, infiltrate into computer systems and steal data.
The multiple vulnerabilities have been reported in Cisco Secure Email and Web Manager, Cisco Email Security Appliance (ESA) and Cisco Enterprise Chat and Email (ESE), which could allow the attacker to execute arbitrary code, conduct a cross-site scripting attack (XSS) and retrieve sensitive information on the targeted system.
The ‘Information Disclosure Vulnerability’ exists in the web management interface of Cisco Secure Email and Web Manager. Successful exploitation of this vulnerability could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server.
The ‘Cross Site Scripting Vulnerability’ exists in the web interface of Cisco Enterprise Chat and Email (ECE). Exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information.
Recently, CERT-In advised enterprises about three serious vulnerabilities in Cisco products called Security Bypass Vulnerability, Denial of Service Vulnerability and Information Disclosure Vulnerability.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.