Vulnerability Spotlight: Multiple Vulnerabilities in Cesanta Mongoose Server

October 31, 2017 - 0 Comments

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos

Today, Talos is disclosing several vulnerabilities that have been identified in Cesanta Mongoose server.

Cesanta Mongoose is a library implementing a number of networking protocols, including HTTP, MQTT, MDNS and others. It is designed with embedded devices in mind and as such is used in many IoT devices and runs on virtually all popular IoT platforms. The small size of the software enables any Internet-connected device to function as a web server. Mongoose is available under GPL v2 and commercial licenses.

All discovered vulnerabilities are fixed in version 6.10 of the library.



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.