Suppose your company uses Cisco’s Smart Licensing Utility or Identify Services Engine. In that case, you must know two critical security patches and one medium security update. Without these key software updates, criminals can log in to or take over your device to steal data, access sensitive information, and escalate their privileges to wreak more havoc.
Cisco patches critical flaws to ensure network security, even when there aren’t any documented incidents related to them. This is the case with these software updates. Researchers discovered the flaws during internal testing and issued the vulnerability patch to prevent future problems.
Why Cisco Issued the Patch
The Smart License Utility helps businesses activate and manage Cisco software licenses. The latest Cisco bug fix addresses SLU versions 2.0.0, 2.1.0, and 2.2.0 vulnerabilities. Version 2.3.0 does not require the patch. However, because there isn’t a workaround to the issue, Cisco recommends updating your SLU to version 2.3.0, which includes the patches.
The security update eliminates two critical issues. The first is a security vulnerability that could allow a hacker to exploit a static user credential and access the network. The second is a problem in a debug file code, which a hacker could use to steal administrator credentials and perform remote code execution.
Either of these security flaws can become the source of a significant security breach, and it’s important to take immediate action to install the patches. A hacker does not have to use them together to access your system and can exploit one another. However, both require a user to launch the SLU and run it for a cybercriminal to exploit either weakness.
Addressing Additional Concerns
The third update from Cisco patches critical flaws in the Identity Services Engine. This tool helps companies enforce their network security policies. This issue prevented the ISE from adequately validating user credentials, which could allow attackers to leverage malicious code to access the network at the root level for privilege escalation.
However, exploiting this particular security vulnerability requires the attacker to have administrator privileges already, so it’s a slightly lesser concern than the issues with the SLU. The patch will be present in the upcoming Cisco Identity Services Engine versions 3.2P7 and 3.3P4 releases in September and October of 2024.
As with the critical security issues, there aren’t any documented instances of hackers exploiting this vulnerability in the wild. However, Cisco is aware of proof-of-concept from independent researchers and opted to patch the critical flaws.
Preventing Attacks on Your Cisco Networks
In the same security update, Cisco released patches for other vulnerabilities. The tech giant released a patch to solve a code execution bug in the Meraki Systems Agent Manager for Windows and one to fix flaws in the Expressway Edge and Duo Epic for Hyperdrive.
When Cisco patches critical flaws like these, updating your network should be a priority. The longer you wait to install the updates, the more opportunities threat actors have to exploit them and compromise your cybersecurity. Do your research and stay on top of updates to avoid problems.