Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs


This week, Cisco released updates for serious flaws affecting its Industrial Network Director and Modelling Labs products. Industrial Network Director (IND), which is intended for industrial network administration, offers insight into network and automation devices.

On Wednesday, Cisco disclosed remedies for a significant vulnerability that could be remotely exploited to issue commands on the underlying operating system and affect the web interface of IND. The problem, identified as CVE-2023-20036 (with a CVSS score of 9.9), exists as a result of improper input validation during device pack upload. The upload request may be changed, and an authorised attacker could run administrative commands.

Read More…