Cisco

Citrix, Cisco, Fortinet Zero-Days Among 2023s Most Exploited Vulnerabilities

by

November 13, 2024 at 10:54AM In 2023, many of the most frequently exploited vulnerabilities were initially zero-day vulnerabilities, as reported by government agencies. Notable companies affected included Citrix, Cisco, and Fortinet, highlighting ongoing security challenges organizations face in protecting their systems. ### Meeting Notes Takeaways: 1. **Top Exploits of 2023**: Most frequently exploited vulnerabilities this … Read more

Cisco Bug Could Lead to Command Injection Attacks

by

November 7, 2024 at 04:47PM Cisco has identified a vulnerability in its Unified Industrial Wireless Software for URWB access points, potentially allowing remote attackers to execute command injection attacks. Affected models include Catalyst IW9165D, IW9165E, and IW9167E with URWB mode enabled. Cisco has released a fix, though there’s no known public exploitation of the issue. … Read more

Cisco Patches Critical Vulnerability in Industrial Networking Solution

by

November 7, 2024 at 07:30AM Cisco has patched a critical vulnerability in its Unified Industrial Wireless software that could enable remote, unauthenticated attackers to execute commands with root privileges. The issue poses significant security risks to the affected systems. **Meeting Notes Takeaways:** – A critical vulnerability has been identified in Cisco Unified Industrial Wireless software. … Read more

Cisco says DevHub site leak won’t enable future breaches

by

November 4, 2024 at 04:16AM Cisco confirmed that non-public files downloaded by a threat actor from a misconfigured DevHub portal do not pose a risk for future breaches. While some CX Professional Services customer files were exposed, no financial or personal data was compromised. The company has since corrected the configuration and restored access. **Meeting … Read more

Cisco ASA, FTD Software Under Active VPN Exploitation

by

October 24, 2024 at 11:59AM Cisco has quickly released a patch for a medium-severity DoS vulnerability (CVE-2024-20481) in its VPN software, which is actively exploited. The flaw allows attackers to overload the system with authentication requests. Cisco advises updating software and implementing security measures to mitigate risks, as no workarounds are available. ### Meeting Takeaways … Read more

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

by

October 24, 2024 at 09:03AM Cisco released updates for a critical security flaw (CVE-2024-20481) in its Adaptive Security Appliance, impacting the Remote Access VPN service. Exploitation may cause a denial-of-service (DoS). Cisco advises enabling logging and threat detection as preventive measures against brute-force attacks, while also addressing three additional vulnerabilities in its software. ### Meeting … Read more

Cisco takes DevHub portal offline after hacker publishes stolen data

by

October 18, 2024 at 06:24PM Cisco has taken its public DevHub portal offline due to a leak of “non-public” data by a threat actor. However, the company maintains that there is no evidence of a system breach. Here are the key takeaways from the meeting notes: 1. **DevHub Portal Taken Offline**: Cisco has removed its … Read more

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

by

October 17, 2024 at 07:53AM Cisco has issued patches for various vulnerabilities in ATA 190 series firmware, including two high-severity issues. This action addresses security concerns to enhance the protection of the devices. The updates were reported by SecurityWeek. **Meeting Takeaways:** 1. **Cisco Vulnerabilities Addressed**: Cisco has released patches for multiple vulnerabilities in the ATA … Read more

Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC

by

September 26, 2024 at 11:13AM Cisco Talos disclosed critical and high-severity vulnerabilities in OpenPLC, an open source programmable logic controller designed for industrial automation and research. These can be exploited for DoS attacks and remote code execution using specially crafted EtherNet/IP requests. The vulnerabilities were patched on September 17, and users are advised to update … Read more

Cisco Patches High-Severity Vulnerabilities in Network Operating System

by

September 12, 2024 at 07:47AM Cisco announced patches for eight vulnerabilities in the IOS XR network operating system, including fixes for six high-severity bugs. The most severe flaws allow privilege escalation and remote DoS attacks. Two high-severity flaws affecting the Routed Passive Optical Network (PON) controller software could be exploited for command injection. Cisco plans … Read more