CISCO

Pierluigi Paganini January 13, 2022
Cisco fixes a critical flaw in Unified CCMP and Unified CCDM

Cisco fixed a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified CCMP and Unified CCDM. Cisco released security patches to address a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM). A remote attacker could exploit the flaw to elevate […]

Pierluigi Paganini November 04, 2021
Cisco warns of hard-coded credentials and default SSH key issues in some products

Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys. The first flaw fixed by […]

Pierluigi Paganini September 24, 2021
Cisco addresses 3 critical vulnerabilities in IOS XE Software

Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers. The most severe of these vulnerabilities is a Remote Code Execution Vulnerability, tracked as CVE-2021-34770, […]

Pierluigi Paganini September 11, 2021
Cisco released security patches for High-Severity flaws in IOS XR software

Cisco fixed multiple high-severity flaws in the IOS XR software that can allow attackers to trigger a DoS condition, elevate privileges, overwrite/read arbitrary files. Cisco released security updates to address multiple high-severity vulnerabilities in the IOS XR software that can be exploited to conduct multiple malicious activities, such as rebooting devices and elevate privileges. The […]

Pierluigi Paganini September 02, 2021
Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists

Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code is available. Cisco announced the availability of security patches for a critical authentication bypass flaw (CVE-2021-34746) in Enterprise NFV Infrastructure Software (NFVIS) for which proof-of-concept exploit code is already available. An attacker can exploit the […]

Pierluigi Paganini August 20, 2021
Cisco warns of Server Name Identification data exfiltration flaw in multiple products

Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns. Cisco warns of a vulnerability in Server Name Identification (SNI) request filtering that affects multiple products (Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine) that could be exploited […]

Pierluigi Paganini August 19, 2021
Cisco will not patch critical flaw CVE-2021-34730 in EoF routers

Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W routers Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small business RV110W, RV130, RV130W, and RV215W routers. The CVE-2021-34730 flaw resides in the Universal Plug-and-Play (UPnP) service […]

Pierluigi Paganini August 08, 2021
A zero-day RCE in Cisco ASDM has yet to be fixed

A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher disclosed in July has yet to be addressed. Cisco provided an update on a remote code execution (RCE) vulnerability (CVE-2021-1585) in the Adaptive Security Device Manager (ASDM) Launcher, the IT giant confirmed that the flaw has yet to be addressed. […]

Pierluigi Paganini August 03, 2021
Cisco fixed Remote Code Execution issue in Firepower Device Manager On-Box software

Cisco addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that allows attackers to execute arbitrary code on vulnerable devices. Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software, tracked as CVE-2021-1518, that could be exploited by an attacker to execute arbitrary code on vulnerable devices. FDM On-Box allows […]

Pierluigi Paganini July 09, 2021
Cisco fixes High Severity issue in BPA and WSA

Cisco addresses high severity privilege escalation vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks. Cisco released security patches for high severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks. The IT giant fixed two flaws […]