February 29, 2024 at 07:57AM Cisco released its semiannual FXOS and NX-OS security advisory bundle, which includes info on four vulnerabilities. Two high-severity flaws impact NX-OS software: CVE-2024-20321 allows remote attackers to perform a DoS attack, while CVE-2024-20267 could cause a DoS condition. Medium-severity flaws in FXOS and NX-OS software were also patched. Additional details … Read more
February 7, 2024 at 01:30PM Cisco has addressed critical vulnerabilities in its Expressway Series gateways through patches, mitigating the risk of cross-site request forgery (CSRF) attacks. These security flaws could allow attackers to remotely target and manipulate vulnerable systems. Expressway Series devices with default configurations are impacted by the vulnerabilities, prompting the need for migration … Read more
January 25, 2024 at 12:59PM A new critical bug (CVE-2024-20253, 9.9 CVSS) in Cisco UC/CC solutions poses an unauthenticated remote code execution risk. Attackers can exploit the bug through specially crafted messages, potentially leading to data breaches, service disruption, and unauthorized system access. Cisco has issued patches and recommended interim measures to mitigate the vulnerability. … Read more
January 25, 2024 at 09:41AM Cisco has issued a security bulletin warning of a critical remote code execution vulnerability, tracked as CVE-2024-20253, affecting several of its Unified Communications Manager and Contact Center Solutions products. The vulnerability could allow remote attackers to execute arbitrary code. The vendor recommends applying available security updates and implementing access control … Read more
January 11, 2024 at 09:21AM Cisco announced patches for a critical vulnerability (CVE-2024-20272) in Unity Connection, enabling remote exploitation without authentication. Versions 12.5.1.19017-4 and 14.0.1.14006-5 resolve this. Additionally, a medium-severity flaw (CVE-2024-20287) in the WAP371 access point’s discontinued model has a released exploit code. Cisco advises migration to Business 240AC AP and announced patches for … Read more
January 11, 2024 at 04:01AM Cisco has issued software updates to address a critical security flaw (CVE-2024-20272 – CVSS score: 7.3) in Unity Connection, allowing arbitrary file upload and execution of commands. Users are advised to update to patched versions to mitigate potential threats. Additionally, 11 medium-severity vulnerabilities have been resolved across Cisco software. Cisco … Read more
January 10, 2024 at 03:46PM Cisco has addressed a critical security flaw in Unity Connection, preventing unauthenticated attackers from gaining root privileges remotely. The vulnerability (CVE-2024-20272) allows execution of commands on the operating system by uploading arbitrary files. Additionally, Cisco patched ten medium-severity vulnerabilities in various products, including a command injection flaw in the WAP371 … Read more
January 3, 2024 at 06:18AM A new exploitation technique called SMTP smuggling allows threat actors to send malicious emails with fake sender addresses, bypassing security measures. The method exploits vulnerabilities in messaging servers from Microsoft, GMX, and Cisco, impacting SMTP implementations from Postfix and Sendmail. Cisco users are advised to change settings to avoid receiving … Read more