Adobe and Cisco Release Patches for Recently Discovered CRITICAL Vulnerabilities

  • 107
  •  
  •  
  • 2
  •  
  •  
  •  
    109
    Shares

Both Cisco and Adobe have earlier this week released patches for vulnerabilities to their products

Cisco wireless VPN and router related products updates

Cisco dealt with CVE-2019-1663, a 9.8 CVSS scored flaw found in its wireless routers on selected models. The vulnerability allowed hackers to execute malicious codes on impacted device models remotely. Consequences of exploitation were detrimental to users of the device. For example, a hacker could gain access to users’ network effectively compromising it. The web-based management interface router models affected were:

1. Cisco RV110W Wireless-N VPN Firewall. Version 1.2.2.1 now has patch releases.
2. Cisco RV130W Wireless-N Multifunction VPN Router. Version 1.0.3.45 now has patches released.
3. RV215W Wireless-N VPN Router. Version 1.3.1.1 now has patches released.

Yu Zhang and Haoliang Lu of GeekPwn and T. of Pen Test Partners LLP, who discovered the flaw, found that a hacker could execute arbitrary code on the operating system of the devices, sending malicious HTTP requests as a privileged user. This was either through a LAN or remotely.

Adobe ColdFusion priority 1 patches released

Adobe, on the other hand, released updates to patch the recently found ColdFusion zero-day vulnerability known as CVE-2019-7816. Researchers Charlie Arehart, Moshe Ruzin, Josh Ford, Jason Solarek and Bridge Catalog Team discovered the vulnerability. Rated by Adobe as critical, it was exploited in the wild. Similarly to Cisco, it allowed for malicious codes to execute via an HTTP request to a web-accessible directory, bypassing initial file upload restrictions. The flaw existed because of the lack of validation processes of user-supplied input.

The following products were affected and consequently received patches:

1. ColdFusion 2018, version 2 and earlier
2. ColdFusion 2016, version 9 and earlier; and
3. ColdFusion 11, version 17 and earlier

ColdFusion, a development programme used to connect HTML pages to a database, further requires application of security configuration settings. Additionally, Adobe advised customers to review the Lockdown guides for each affected ColdFusion.

The following two tabs change content below.
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!