CISCO

Pierluigi Paganini July 02, 2025
Cisco removed the backdoor account from its Unified Communications Manager

Digital communications technology giant Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). A flaw, tracked as CVE-2025-20309 (CVSS score of 10), in Cisco Unified Communications Manager and its Session Management Edition lets remote attackers log in using hardcoded root credentials set during development. Cisco Unified Communications Manager (CUCM) is a call […]

Pierluigi Paganini June 26, 2025
Cisco fixed critical ISE flaws allowing Root-level remote code execution

Cisco released patches to address two critical vulnerabilities in ISE and ISE-PIC that could let remote attackers execute to code as root. Cisco addressed two critical vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow remote, unauthenticated attackers to execute arbitrary code with root […]

Pierluigi Paganini June 02, 2025
Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188

Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188, impacting Cisco IOS XE WLC are now public, raising the risk of exploitation. In early May, Cisco released software updates to address the vulnerability CVE-2025-20188 […]

Pierluigi Paganini May 08, 2025
Cisco fixed a critical flaw in its IOS XE Wireless Controller

Cisco addressed a flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files. Cisco released software updates to address a vulnerability, tracked as CVE-2025-20188 (CVSS score 10), in IOS XE Wireless Controller. An unauthenticated, remote attacker can exploit the flaw to load arbitrary files to a vulnerable system. […]

Pierluigi Paganini March 15, 2025
Cisco IOS XR flaw allows attackers to crash BGP process on routers

Cisco addressed a denial of service (DoS) vulnerability that allows attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers. Cisco has addressed a denial of service (DoS) vulnerability, tracked as CVE-2025-20115, that could allow an unauthenticated, remote attacker to crash the Border Gateway Protocol (BGP) process on IOS XR routers by sending a single BGP […]

Pierluigi Paganini February 28, 2025
Cisco fixed command injection and DoS flaws in Nexus switches

Cisco addressed command injection and denial-of-service (DoS) vulnerabilities in some models of its Nexus switches. Cisco released security updates to address command injection and DoS vulnerabilities in Nexus switches, including a high-severity flaw. The most severe issue, tracked as CVE-2025-20111 (CVSS Score of 7.4), resides in the health monitoring diagnostics of Cisco Nexus 3000 Series […]

Pierluigi Paganini February 06, 2025
Cisco addressed two critical flaws in its Identity Services Engine (ISE)

Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes. Cisco addressed multiple vulnerabilities, including two critical remote code execution flaws, tracked as CVE-2025-20124 (CVSS score of 9.9) and CVE-2025-20125 (CVSS score of 9.1), in Identity Services Engine (ISE). A remote attacker authenticated with read-only administrative privileges could exploit the […]

Pierluigi Paganini January 23, 2025
Cisco addresses a critical privilege escalation bug in Meeting Management

Cisco addressed a critical flaw in its Meeting Management that could allow it to gain administrator privileges on vulnerable instances. Cisco released security updates to fix a critical flaw, tracked as CVE-2025-20156 (CVSS score of 9.9) affecting its Meeting Management. A remote, authenticated attacker can exploit the vulnerability to gain administrator privileges on affected instances. […]

Pierluigi Paganini December 06, 2024
Hundred of CISCO switches impacted by bootloader flaw

A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing attackers to bypass image signature checks. Cisco released security patches for a vulnerability, tracked as CVE-2024-20397 (CVSS score of 5.2), in the NX-OS software’s bootloader that could be exploited by attackers to bypass image signature verification. “A vulnerability in the bootloader of Cisco NX-OS Software could […]

Pierluigi Paganini December 03, 2024
The ASA flaw CVE-2014-2120 is being actively exploited in the wild

Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited in the wild. Cisco warns that the decade-old ASA vulnerability CVE-2014-2120 is being actively exploited in attacks in the wild, and urges customers to review the updated advisory. The vulnerability resides in the WebVPN login page of Cisco Adaptive Security […]