Patch Now: Cisco Zero-Day Under Fire From Chinese APT

July 2, 2024 at 09:22AM
Cisco has patched a command-line injection flaw (CVE-2024-20399, CVSS 6.0) in its NX-OS software, used for managing switches in data centers. The flaw can allow authenticated attackers to execute arbitrary commands as root. It has been exploited by the China-backed threat group Velvet Ant. Cisco has released updates to patch …

Cisco Patches DoS Vulnerabilities in Networking Products

March 28, 2024 at 09:12AM
Cisco announced patches for multiple high-severity vulnerabilities in IOS and IOS XE software, including denial-of-service risks, privilege escalation, command injection, and protection bypass issues. The flaws could be exploited without authentication, potentially leading to serious consequences if not addressed promptly. Additional details can be found on Cisco’s security advisories page. …

Cisco Patches High-Severity Vulnerabilities in VPN Product

March 7, 2024 at 09:34AM
Cisco announced patches for two high-severity vulnerabilities in the Secure Client VPN application, impacting Linux, macOS, and Windows versions. The first issue, tracked as CVE-2024-20337, could be exploited remotely without authentication, while the second bug, tracked as CVE-2024-20338, affects only Secure Client for Linux and requires authentication. Cisco also addressed multiple …

Cisco Patches High-Severity Vulnerabilities in Data Center OS

February 29, 2024 at 07:57AM
Cisco released its semiannual FXOS and NX-OS security advisory bundle, which includes info on four vulnerabilities. Two high-severity flaws impact NX-OS software: CVE-2024-20321 allows remote attackers to perform a DoS attack, while CVE-2024-20267 could cause a DoS condition. Medium-severity flaws in FXOS and NX-OS software were also patched. Additional details …

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

January 26, 2024 at 12:57AM
Cisco has released patches for a critical security flaw (CVE-2024-20253) affecting Unified Communications and Contact Center Solutions products, allowing an attacker to execute arbitrary code. The flaw impacts various products including Unified Communications Manager and Unity Connection. Users are advised to set up access control lists while awaiting updates. Cisco …

Cisco fixes critical IOS XE bug but malware crew way ahead of them

October 23, 2023 at 06:21PM
Cisco has released a patch for a critical bug in its IOS XE software that allowed criminals to exploit thousands of devices. However, the patch seems to be ineffective as the attackers have updated their implants to evade detection. A new variant of the implant hinders identification of compromised systems. …

Cisco Finds New Zero Day Bug, Pledges Patches in Days

October 20, 2023 at 04:12PM
Cisco is set to release a patch on October 22 for two zero-day vulnerabilities in its IOS XE devices. One vulnerability, discovered earlier, had already been exploited to compromise over 10,000 devices. A second flaw, identified later, is being used in the same exploit chain. Exploitation is expected to continue …