Assess exposure to multiple vulnerabilities in Cisco products to find solutions, NCC-CSIRT advises users

By Adeleye Kunle

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has issued an advisory for users to frequently review alerts for Cisco products to assess their exposure and find a comprehensive update solution.

The advisory, which also recommended using the appropriate software updates that are accessible from the vendor website, followed the identification of multiple vulnerabilities in Cisco Products, especially the Cisco AnyConnect Secure Mobility Client for Windows, which enables employees to access company servers from anywhere without compromising security.

The two vulnerabilities made it possible for a remote attacker exploit to trigger remote code execution and data manipulation on the targeted system.

According to the advisory, “The weaknesses in the product include uncontrolled search path and Dynamic Link Library (DLL) hijacking vulnerabilities. The uncontrolled search path vulnerability results from incorrect handling of directory paths. A directory path is a string of characters used to uniquely identify a location in a folder structure.

“This flaw could be exploited by an attacker by generating a malicious file and copying it to a system directory (folder). An exploit could enable the attacker to copy malicious files with system-level privileges to any location. The attacker needs legitimate Windows system credentials to exploit this vulnerability