The recent vulnerability discovered at Cisco by the researchers at Embedi is an ideal example of neglection. We all are aware that no code is the perfect code, therefore, with an increasing rate of cyber attacks, Cisco’s products were majorly at risk until Cisco released new security updates that will fix the growing concerns of vulnerability, that may have allowed the remote attackers to take control over affected systems.
RCE (Remote Code Execution) and DoS (Denial of Service) were two of the four major systems that will be provided with the solution with the new updates from Cisco. The other systems, ID (Information Disclosure) and XSS (Cross Site-Scripting) were also among the affected ones.
Embedi released details of the attack after Cisco released its updates to fix the threats.
The DoS vulnerability was primarily a result of lack of controls for certain memory operation systems. However, The RCE concerns were caused due to an improper validation of files that were uploaded to the affected applications.
Cisco disclosed in their release.