Cisco Patches High-Severity Vulnerability Reported by NSA

August 22, 2024 at 08:45AM Cisco announced patches for multiple vulnerabilities, including a high-severity bug in its collaboration solutions impacting SIP call processing. The bug can cause a denial-of-service condition, but patches are available for affected versions. Additionally, medium-severity bugs were found in Identity Services Engine, Unified CM, and Unified CM SME, with workarounds provided. …

High-Severity Cisco Bug Grants Attackers Password Access

July 18, 2024 at 03:30PM Cisco has issued a patch for a critical vulnerability, CVE-2024-20419, enabling unauthorized password changes. The CVSS rating of 10 underlines the severity, with low attack complexity and high product impact. SSM On-Prem and SSM Satellite are affected, and no workarounds exist. Users in sensitive sectors are urged to promptly apply …

Maximum-severity Cisco vulnerability allows attackers to change admin passwords

July 18, 2024 at 06:42AM Cisco has released a patch for CVE-2024-20419, a critical vulnerability in Cisco Smart Software Manager (SSM) On-Prem. Attackers can change any user’s password, posing a significant threat to confidentiality and integrity. The bug affects SSM On-Prem and SSM Satellite. Organizations are advised to upgrade to unaffected versions and apply the …

Patch Now: Cisco Zero-Day Under Fire From Chinese APT

July 2, 2024 at 09:22AM Cisco has patched a command-line injection flaw (CVE-2024-20399, CVSS 6.0) in its NX-OS software, used for managing switches in data centers. The flaw can allow authenticated attackers to execute arbitrary commands as root. It has been exploited by the China-backed threat group Velvet Ant. Cisco has released updates to patch …

Cisco Patches DoS Vulnerabilities in Networking Products

March 28, 2024 at 09:12AM Cisco announced patches for multiple high-severity vulnerabilities in IOS and IOS XE software, including denial-of-service risks, privilege escalation, command injection, and protection bypass issues. The flaws could be exploited without authentication, potentially leading to serious consequences if not addressed promptly. Additional details can be found on Cisco’s security advisories page. …

Cisco Patches High-Severity Vulnerabilities in VPN Product

March 7, 2024 at 09:34AM Cisco announced patches for two high-severity vulnerabilities in Secure Client VPN application, impacting Linux, macOS, and Windows versions. The first issue, tracked as CVE-2024-20337, could be exploited remotely without authentication, while the second bug, tracked as CVE-2024-20338, affects only Secure Client for Linux and requires authentication. Cisco also addressed multiple …

Cisco Patches High-Severity Vulnerabilities in Data Center OS

February 29, 2024 at 07:57AM Cisco released its semiannual FXOS and NX-OS security advisory bundle, which includes info on four vulnerabilities. Two high-severity flaws impact NX-OS software: CVE-2024-20321 allows remote attackers to perform a DoS attack, while CVE-2024-20267 could cause a DoS condition. Medium-severity flaws in FXOS and NX-OS software were also patched. Additional details …

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

January 26, 2024 at 12:57AM Cisco has released patches for a critical security flaw (CVE-2024-20253) affecting Unified Communications and Contact Center Solutions products, allowing an attacker to execute arbitrary code. The flaw impacts various products including Unified Communications Manager and Unity Connection. Users are advised to set up access control lists while awaiting updates. Cisco …

Cisco fixes critical IOS XE bug but malware crew way ahead of them

October 23, 2023 at 06:21PM Cisco has released a patch for a critical bug in its IOS XE software that allowed criminals to exploit thousands of devices. However, the patch seems to be ineffective as the attackers have updated their implants to evade detection. A new variant of the implant hinders identification of compromised systems. …

Cisco Finds New Zero Day Bug, Pledges Patches in Days

October 20, 2023 at 04:12PM Cisco is set to release a patch on October 22 for two zero-day vulnerabilities in its IOS XE devices. One vulnerability, discovered earlier, had already been exploited to compromise over 10,000 devices. A second flaw, identified later, is being used in the same exploit chain. Exploitation is expected to continue …