August 29, 2024 at 08:06AM Cisco released patches for multiple high and medium-severity vulnerabilities in its NX-OS software, including a high-severity flaw in DHCPv6 relay agent allowing remote unauthenticated attackers to cause a denial-of-service condition. The patches also address command injection and sandbox escape issues, as well as medium-severity bugs in APIC, affecting certain Cisco … Read more
August 9, 2024 at 07:54AM The US cybersecurity agency CISA warned about threat actors targeting improperly configured Cisco devices. Malicious actors abuse features like Smart Install to acquire system configuration files and exploit weak password types. Meanwhile, Cisco faces critical vulnerabilities in its IP phones, without releasing patches due to end-of-life products. Multiple exploits and … Read more
July 18, 2024 at 08:51AM Cisco has resolved a critical vulnerability (CVE-2024-20401) in Security Email Gateway (SEG) appliances, allowing attackers to add new users with root privileges and cause a permanent denial of service. The flaw involves an absolute path traversal weakness. Affected appliances running certain Cisco AsyncOS releases can be fixed with updated Content … Read more
July 18, 2024 at 06:42AM Cisco has released a patch for CVE-2024-20419, a critical vulnerability in Cisco Smart Software Manager (SSM) On-Prem. Attackers can change any user’s password, posing a significant threat to confidentiality and integrity. The bug affects SSM On-Prem and SSM Satellite. Organizations are advised to upgrade to unaffected versions and apply the … Read more
April 17, 2024 at 10:01AM Cisco’s Talos unit warns of mass brute-force attacks targeting VPN services, web application authentication interfaces, and SSH services. The attacks, originating from Tor exit nodes, use generic and valid usernames, affecting various services. Cisco observed a significant increase in these attacks and has added the associated IP addresses to its … Read more
March 28, 2024 at 09:12AM Cisco announced patches for multiple high-severity vulnerabilities in IOS and IOS XE software, including denial-of-service risks, privilege escalation, command injection, and protection bypass issues. The flaws could be exploited without authentication, potentially leading to serious consequences if not addressed promptly. Additional details can be found on Cisco’s security advisories page. … Read more
February 29, 2024 at 07:57AM Cisco released its semiannual FXOS and NX-OS security advisory bundle, which includes info on four vulnerabilities. Two high-severity flaws impact NX-OS software: CVE-2024-20321 allows remote attackers to perform a DoS attack, while CVE-2024-20267 could cause a DoS condition. Medium-severity flaws in FXOS and NX-OS software were also patched. Additional details … Read more
January 25, 2024 at 12:59PM A new critical bug (CVE-2024-20253, 9.9 CVSS) in Cisco UC/CC solutions poses an unauthenticated remote code execution risk. Attackers can exploit the bug through specially crafted messages, potentially leading to data breaches, service disruption, and unauthorized system access. Cisco has issued patches and recommended interim measures to mitigate the vulnerability. … Read more
January 25, 2024 at 09:41AM Cisco has issued a security bulletin warning of a critical remote code execution vulnerability, tracked as CVE-2024-20253, affecting several of its Unified Communications Manager and Contact Center Solutions products. The vulnerability could allow remote attackers to execute arbitrary code. The vendor recommends applying available security updates and implementing access control … Read more
January 11, 2024 at 09:21AM Cisco announced patches for a critical vulnerability (CVE-2024-20272) in Unity Connection, enabling remote exploitation without authentication. Versions 12.5.1.19017-4 and 14.0.1.14006-5 resolve this. Additionally, a medium-severity flaw (CVE-2024-20287) in the WAP371 access point’s discontinued model has a released exploit code. Cisco advises migration to Business 240AC AP and announced patches for … Read more