Cisco’s Bug Bonanza: New Patches Fix Critical Flaws, But Will They Hold?

Cisco patches bugs in its products, addressing vulnerabilities that could allow threat actors to log in or take over devices. The flaws include an OS command injection in Cisco Identity Service Engine (CVE-2024-20469) and a backdoor account in Smart Licensing Utility (CVE-2024-20439). Admins are urged to update affected versions.

3P
Published: September 5, 2024 1:18 pmAdded: September 5, 2024 at 6:50 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Cisco’s been busy plugging holes, but hey, who knew software licensing could be such a juicy target? Just your friendly neighborhood hackers turning “Smart Licensing” into a “Smart Exploiting” party. Yikes!

Key Points:

  • Cisco released patches for multiple vulnerabilities in their products.
  • CVE-2024-20469: OS command injection vulnerability in Cisco’s Identity Service Engine (ISE) with a severity score of 6.0.
  • CVE-2024-20439: Undocumented static user credential in Smart Licensing Utility (SLU) software with a severity score of 9.8.
  • CVE-2024-20440: Excessive verbosity in debug log file in SLU, also with a severity score of 9.8.
  • Admins should upgrade ISE to versions 3.2P7 or 3.3P4 and SLU to version 2.3.0 to secure their systems.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?