Cisco recently published updates for high-severity vulnerabilities in its Business Process Automation (BPA) and Web Security Appliance (WSA) products that could expose users to attack.
Business Process Automation (BPA) was patched for two security flaws, each with a CVSS score of 8.8. Cisco issued an alert warning that an authenticated, remote attacker who exploits these vulnerabilities may gain Administrator access.
The problems arise because authorization for specific functionality, and for access to log files holding sensitive data, isn't strictly enforced.
The first vulnerability, designated CVE-2021-1574, might be exploited by sending specially crafted HTTP requests to a vulnerable system, allowing an attacker to perform unauthorized operations as an administrator.
To Read More: Security Week