IT Department Cyber Agency Warns Users of More Bugs in Cisco Products

In less than 10 days, India’s Computer Emergency Response Team (CERT-In), which falls under the Ministry of IT, issued another advisory on Wednesday regarding serious vulnerabilities in the products of networking major Cisco that could help hackers access and infiltrate computer systems and steal data.

Multiple vulnerabilities have been reported in Cisco Secure Email and Web Manager, Cisco Email Security Appliance (ESA), and Cisco Enterprise Chat and Email (ECE) that could allow an attacker to execute arbitrary code, conduct a cross-site scripting (XSS) attack and retrieve sensitive information about the targeted system, CERT-In said in its advisory.

The “information disclosure vulnerability” exists in the web management interface of Cisco Secure Email and Web Manager, “due to a lack of input sanitization when querying the external authentication server”.

“An attacker could exploit this vulnerability by sending a specially crafted request through an external authentication webpage. Successful exploitation of this vulnerability could allow the attacker to gain access to sensitive information, including credentials of the user from the external authentication server,” the advisory read.

The “Cross-Site Scripting Vulnerability” exists in the Cisco Enterprise Chat and Email (ECE) web interface “due to insufficient validation of user-supplied input that is processed by the web interface”.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the interface or access sensitive browser-based information.

On June 20, CERT-In notified companies of three serious vulnerabilities in the network major’s products.

Vulnerabilities in products such as routers and mail/web manager could allow the attacker to gain unauthorized access, execute arbitrary commands, and cause a denial of service attack on an affected system, CERT-In had said in its previous notice.

The bugs that were last documented in Cisco products were called “security bypass vulnerability”, “denial of service vulnerability”, and “information disclosure vulnerability”.



(Only the title and image of this report may have been edited by Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
