Cisco released patches for critical vulnerabilities in its Industrial Network Director and Modeling Labs solutions recently.
Industrial Network Director (IND), which is intended for industrial network management, offers visibility into network and automation devices. A critical flaw in IND’s web interface that allowed remote command execution on the underlying operating system has been fixed by Cisco.
The problem, identified as CVE-2023-20036 (with a CVSS score of 9.9), exists as a result of improper input validation during device pack upload. The upload request could be changed, and an authorized attacker could run administrative commands.
Read More: Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.