New vulnerabilities add to Cisco's bad September

by Derek Kortepeter
Sept. 1, 2017, TechGenix

Because Cisco is a major part of the technology community, cybersecurity issues at the networking equipment maker are a huge deal for everyone in the IT world. In September alone, numerous vulnerabilities were patched across various Cisco products.

The newest issue to arise for Cisco involves command injection and execution vulnerabilities. On September 21, Cisco announced three different cases, two of which have patches while the third does not at this time.

The first vulnerability with a patch is CVE-2016-6373, which affects Cisco Cloud Services Platform 2100. It allows a remote threat actor to inject commands at root-access level. The patch report states that “the vulnerability is due to insufficient sanitization of user-supplied input.” CVE-2016-6373 has been judged a “Critical” flaw that needs to be patched as soon as possible.