This week, Cisco released patches for a number of flaws affecting a variety of its products, including Secure Network Analytics and Identity Services Engine (ISE) products.
The first bug, identified as CVE-2023-20102, is characterized as incomplete sanitization of user-provided data parsed into memory. An authenticated remote attacker could execute arbitrary code on a vulnerable device by sending specially crafted HTTP requests to it.
With the release of Secure Network Analytics 7.4.1-Patch SMC Rollup #5, Cisco has fixed the issue. The technology behemoth also disclosed patches for Cisco ISE’s faulty parameter validation that could result in privilege escalation.
Read More: Cisco Patches Code and Command Execution Vulnerabilities in Several Products
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.