Researcher Discloses Critical RCE Flaws In Cisco Security Manager
Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM), a week after the networking equipment maker quietly released patches with version 4.22 of the platform.
The development comes after Code White researcher Florian Hauser (frycos) yesterday publicly disclosed proof-of-concept (PoC) code for as many as 12 security vulnerabilities affecting the web interface of CSM that make it possible for an unauthenticated attacker to achieve remote code execution (RCE).
The flaws were responsibly reported to Cisco’s Product Security Incident Response Team (PSIRT) three months ago, on July 13.
“Since Cisco PSIRT became unresponsive and the published release 4.22 still doesn’t mention any of the vulnerabilities,” claimed frycos in a tweet, citing the reasons for going public with the PoCs yesterday.
Cisco Security Manager is an end-to-end enterprise solution that allows organizations to enforce access policies and manage and configure firewalls and intrusion prevention systems in a network.