Get patching: Cisco warns of these critical product vulnerabilities

Cisco has released security updates to fix vulnerabilities in multiple products that, if left unpatched, could allow an attacker to take control of affected systems and give them the ability to perform a variety of malicious actions.

The newly disclosed critical security vulnerabilities affect Cisco Policy Suite Static SSH Keys and Cisco Cisco Catalyst PON Series Switches Optical Network Terminals. The US Cybersecurity & Infrastructure Security Agency (CISA) has urged users and administrators to review the Cisco advisories and apply the necessary updates.

ZDNet Recommends

Cisco Policy Suite – a software package for data management – contains a vulnerability (CVE-2021-40119) in the key of its Secure Shell (SHH) cryptographic network authentication mechanism, which could allow an unauthenticated, remote attacker to login to unpatched systems as the root user.

SEE: A winning strategy for cybersecurity (ZDNet special report)

This ability could provide them with unrestricted permissions to access, read and write files, something that is extremely desirable for attackers looking to access data, install malware or perform other malicious activities.

There are also two critical security vulnerabilities in Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminals that are used to help deliver deliver internet access to multiple endpoints

Read More: https://www.zdnet.com/article/get-patching-cisco-warns-of-these-critical-product-vulnerabilities/#ftag=RSSbaffb68