CISA Adds Cisco Smart Licensing Utility Flaw to Known Exploited Vulnerabilities Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw in Cisco's Smart Licensing Utility to its catalog of known exploited vulnerabilities. The vulnerability, identified as CVE-2022-20825, is a command injection flaw that could allow an unauthenticated, remote attacker to execute arbitrary commands on the affected system.
The vulnerability was discovered by security researchers at Cisco and was reported to CISA on February 22, 2022. Cisco has since released a patch to address the issue, but CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog due to its potential to be exploited by malicious actors.
The KEV catalog is a list of vulnerabilities that are known to be exploited by attackers and are considered to be of high risk to federal agencies and other organizations. The catalog is used by federal agencies to identify and remediate vulnerabilities in their systems.
CISA has directed federal agencies to take immediate action to address the vulnerability, including applying the available patch and implementing additional security measures to prevent exploitation.
The addition of the Cisco Smart Licensing Utility flaw to the KEV catalog highlights the importance of keeping software up to date and implementing robust security measures to prevent exploitation of known vulnerabilities.
In related news, Cisco has also released a patch for another vulnerability in its Smart Licensing Utility, identified as CVE-2022-20826. This vulnerability is an authentication bypass flaw that could allow an attacker to access the affected system without proper authentication. Cisco has urged customers to apply the patch as soon as possible to prevent exploitation of the vulnerability.