Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices

December 4, 2024 at 08:03AM

US, Canada, Australia, and New Zealand agencies issued guidance to improve communication infrastructure security against China-linked cyber threats. Recommendations focus on enhancing network visibility, hardening devices, and specific advice for Cisco systems following espionage attacks targeting telecom providers. Agencies report uncertainty about the full extent of these threats.

Cisco bug lets hackers run commands as root on URWB access points

November 6, 2024 at 02:38PM

Cisco has resolved a critical vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul access points that allowed unauthorized command execution with root privileges via a web interface. The flaw affects certain Catalyst access points with vulnerable software. Cisco’s security teams found no evidence of exploitation so far.

New Cisco ASA and FTD features block VPN brute-force password attacks

October 26, 2024 at 01:44PM

Cisco has implemented new security features for ASA and Firepower Threat Defense to combat brute-force and password spray attacks, enhancing network protection and resource efficiency. The update allows admins to configure settings to block repeated failed login attempts and other malicious connection attempts, significantly reducing successful attack rates.

Emergency patch: Cisco fixes bug under exploit in brute-force attacks

October 24, 2024 at 02:26PM

Cisco has patched a medium-severity security flaw (CVE-2024-20481) in its ASA and FTD software, exploited through brute-force attacks leading to resource exhaustion in devices with remote access VPN enabled. The vulnerability is included in CISA’s Known Exploited Vulnerabilities Catalog, and Cisco urges users to apply updates promptly.

Cisco fixes VPN DoS flaw discovered in password spray attacks

October 24, 2024 at 02:13PM

Cisco addressed a denial of service vulnerability (CVE-2024-20481) affecting its ASA and FTD software, discovered during large-scale brute-force attacks. This flaw allows unauthenticated remote attackers to exhaust resources of the RAVPN service. Cisco also issued advisories for 42 other vulnerabilities, urging immediate patching.

Cisco Confirms Security Incident After Hacker Offers to Sell Data

October 21, 2024 at 08:11AM

Cisco confirmed a security incident involving stolen files from its DevHub environment after a hacker attempted to sell the information. The company is addressing the situation following the breach.

**Meeting Notes Summary:**

1. **Incident Confirmation**: Cisco has acknowledged that a security breach occurred, resulting in the theft of certain files …

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

September 5, 2024 at 12:58AM

Cisco has issued security updates to address critical flaws in its Smart Licensing Utility and Identity Services Engine (ISE). Affecting versions 2.0.0, 2.1.0, and 2.2.0, the flaws could enable unauthenticated, remote attackers to elevate privileges or access sensitive information. Additionally, a command injection vulnerability in ISE versions 3.2 and 3.3 …

Cisco warns of backdoor admin account in Smart Licensing Utility

September 4, 2024 at 12:59PM

Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that allowed unauthorized access to unpatched systems with administrative privileges. Based on the meeting notes, the key takeaway is that Cisco has eliminated a backdoor account in the Cisco Smart Licensing Utility (CSLU), preventing unauthorized access to …

Cisco Patches Multiple NX-OS Software Vulnerabilities

August 29, 2024 at 08:06AM

Cisco released patches for multiple high and medium-severity vulnerabilities in its NX-OS software, including a high-severity flaw in DHCPv6 relay agent allowing remote unauthenticated attackers to cause a denial-of-service condition. The patches also address command injection and sandbox escape issues, as well as medium-severity bugs in APIC, affecting certain Cisco …

Exploit released for Cisco SSM bug allowing admin password changes

August 8, 2024 at 03:02PM

Exploit code for a critical vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) is now available, allowing attackers to change any user password. The company warns of the availability of proof-of-concept exploit code but has not found evidence of attacks in the wild. Administrators must upgrade affected systems …