Cisco Fixes CVSS 10.0 Remote Code Execution Flaw in Secure Firewall Management Center Requiring RADIUS; Xerox Patches FreeFlow Core Bugs
Cisco has addressed a maximum-severity security vulnerability in its Secure Firewall Management Center (FMC) that could allow remote code execution (RCE). The flaw, rated CVSS 10.0, enables attackers to execute commands with high privileges without requiring login credentials, provided that RADIUS authentication is enabled. Cisco has urged users to apply patches promptly as there are no available workarounds. This vulnerability has been widely reported by cybersecurity outlets including The Hacker News, Security Affairs, and CyberScoopNews. Separately, Xerox patched two vulnerabilities in its FreeFlow Core software, including a critical path traversal bug that could also lead to remote code execution, according to Horizon3ai.
Sources
The Register
Cisco's Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole https://t.co/MiHFY8ncJK
SC Media.@Xerox patched two flaws in its FreeFlow Core software, including a critical path traversal bug that could lead to remote code execution (RCE), @Horizon3ai reported. #cybersecurity #infosec #ITsecurity https://t.co/J6Y8taOQH6
CyberScoop - @cyberscoop.bsky.social Cisco discloses maximum-severity defect in firewall software https://t.co/mhbcQwTdAl