The system does not properly validate the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates or the Secure Shell (SSH) public keys presented by the connected managed devices.
A remote user may be able to impersonate a managed device.
Cisco has assigned Cisco Bug ID CSCsf95930 to this vulnerability.
Cisco credits Jan Bervar from NIL Data Communications with reporting this vulnerability.
Impact: A remote user may be able to impersonate a managed device.
Solution: The vendor has issued a fixed version (4.2.3 (2403)).
The Cisco advisory is available.