Description
Cisco has released patch to fix multiple vulnerabilities in cisco products. Successful exploit of critical vulnerabilities can allow a remote unauthenticated attacker to gain control of the affected system as the root user.
Following list provides some important vulnerabilities and its impact with CVE ID:
[Critical] - CVE-2021-40119: SSH Keys Vulnerability in Cisco Policy Suite Static can allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations.
[Critical] - CVE-2021-34795: Vulnerability in web-based management interface of the Cisco Catalyst PON Series Switches can allow an attacker to perform command injection, configuration changes and Log in with a default credential if the Telnet protocol is enabled on affected systems. This vulnerability is due to insufficient expiration of session credentials.
[High] - CVE-2021-34739: Session Credentials Replay Vulnerability in Cisco Small Business Series Switches can allow an attacker to replay valid user session credentials and gain unauthorized access to web-based management interface with administrator privileges.
[High] - CVE-2021-34741: Denial of Service Vulnerability in Cisco Email Security Appliance can allow an attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails.
Recommendations
Workaround:
It is recommended to update cisco products with latest available update/patch.
Reference
