Less than 10 days after its previous one, the Indian Computer Emergency Response Team (CERT-In) under the Ministry of IT issued another advisory on Wednesday regarding serious vulnerabilities in essential Cisco products. These vulnerabilities could help hackers infiltrate computer systems and steal data. Multiple vulnerabilities have been reported in Cisco Secure Email and Web Manager, Cisco Email Security Appliance (ESA), and Cisco Enterprise Chat and Email (ECE) that could allow an attacker to run arbitrary code, carry out cross-site scripting (XSS) attacks, and obtain sensitive information about the target system, CERT-In said in its advisory.
A “disclosure vulnerability” exists in the web management interfaces of Cisco Secure Email and Web Manager “due to a lack of proper input correction when requesting a remote authentication server.” “An attacker could exploit the vulnerability by sending a generated query through an external authentication Web site.” “Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information, including user credentials, from an external authentication server,” the advisory said. A “Cross-Site Scripting Vulnerability” is present in the Cisco Enterprise Chat and Email (ECE) web interface “due to insufficient validation of user-provided input processed in the web interface.” Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in the context of the interface or gain access to sensitive browser-based information.
On June 20, CERT-In advised companies on three severe vulnerabilities in large network products. CERT-In stated in that first advisory that vulnerabilities in products such as routers and e-mail/site administrators could allow an attacker to gain unauthorised access, execute arbitrary commands, and cause a denial of service on the affected system. The vulnerabilities listed above in Cisco products are called “Security Bypass Vulnerability,” “Denial of Service Vulnerability,” and “Information Disclosure Vulnerability.”