Three Unpatched Bugs Spotted in Third-Party Provisioning Platform

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Researchers at Rapid7 have unearthed three highly critical security flaws in Akkadian Provisioning Manager, a third-party provisioning tool used within Cisco Unified Communications environments. The flaws can be chained together to enable remote code execution (RCE) with elevated privileges.

Cisco’s UC suite enables VoIP and online video communications across enterprise footprints. The Akkadian product is an appliance generally employed in large enterprises to help manage the process of provisioning and configuring all of the UC clients and instances via automation.

The flaws, present in version 4.50.18 of the Akkadian product, are as follows:

• CVE-2021-31579: Use of hard-coded credentials (ranking 8.2 out of 10 on the CVSS vulnerability-severity scale)

• CVE-2021-31580 and CVE-2021-31581: Improper neutralization of special elements used in an OS command (using exec and vi commands, respectively; ranking 7.9)

• CVE-2021-31582: Exposure of sensitive information t

[…]