CISCO

Pierluigi Paganini October 17, 2019
Critical and high-severity flaws addressed in Cisco Aironet APs

A critical flaw in Aironet access points (APs) can be exploited by a remote attacker to gain unauthorized access to vulnerable devices. Cisco disclosed a critical vulnerability in Aironet access points (APs), tracked as CVE-2019-15260, that can be exploited by a remote, unauthenticated attacker to gain unauthorized access to vulnerable devices with elevated privileges. This vulnerability […]

Pierluigi Paganini September 01, 2019
Cisco addresses CVE-2019-12643 critical flaw in virtual Service Container for IOS XE

Cisco released security updates for Cisco IOS XE operating system to address a critical vulnerability that could be exploited by a remote attacker to bypass authentication. Cisco released security updates for Cisco IOS XE OS to address a critical flaw, tracked as CVE-2019-12643, that could be exploited by a remote attacker to bypass authentication. “On […]

Pierluigi Paganini August 29, 2019
Expert releases Metasploit modules for Cisco UCS flaws

An expert published technical details of recently disclosed Cisco Unified Computing System (UCS) flaws that can be exploited to take complete control of vulnerable systems. Security researcher Pedro Ribeiro, aka “bashis,” has released the details of three the recently addressed vulnerabilities in the Cisco Unified Computing System (UCS) products along with Metasploit modules for their exploitation. […]

Pierluigi Paganini August 23, 2019
Cisco warns of the availability of public exploit code for critical flaws in Cisco Small Business switches

Cisco provided updates for security advisories for three flaws affecting Cisco Small Business 220 Series Smart Switches patched in early August. Cisco has updated security advisories for three vulnerability in Cisco Small Business 220 Series Smart Switches that have been patched in early August. The three vulnerabilities were reported by the security researcher Pedro Ribeiro, […]

Pierluigi Paganini August 22, 2019
Cisco addressed several vulnerabilities in UCS products

Cisco released security patches to address 17 critical and high-severity vulnerabilities affecting some Cisco Unified Computing products (UCS and IMC). Cisco has released security fixes to address 17 critical and high-severity vulnerabilities affecting some Cisco Unified Computing products. Most of the flaws affect the Integrated Management Controller (IMC) that is a baseboard management controller that […]

Pierluigi Paganini August 08, 2019
Cisco addressed critical flaws in Cisco Small Business 220 Series Smart Switches

Cisco has released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches. Cisco released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches, including two critical issues. The most important flaw, tracked as CVE-2019-1913, could be exploited by an unauthenticated, remote attacker to execute arbitrary code with […]

Pierluigi Paganini August 01, 2019
Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov

Cisco is going to pay $8.6 million to settle a legal dispute for selling vulnerable software to the US government. Back in 2008, a whistle-blower identifies a vulnerability in Cisco video surveillance software, but the tech giant continued to sell the software to US agencies until July 2013. The case was filed in the Federal […]

Pierluigi Paganini May 17, 2019
Cisco addressed a critical flaw in networks management tool Prime Infrastructure

Cisco had issued security updates to address 57 security flaw, including three flaws in networks management tool Prime Infrastructure. One of the flaws addressed by Cisco in the Prime Infrastructure management tool could be exploited by an unauthenticated attacker to execute arbitrary code with root privileges on PI devices. “Multiple vulnerabilities in the web-based management […]

Pierluigi Paganini May 14, 2019
Thrangrycat flaw could allow compromising millions of Cisco devices

Security firm Red Balloon discovered a severe vulnerability dubbed Thrangrycat, in Cisco products that could be exploited to an implant persistent backdoor in many devices. Experts at Red Balloon Security disclosed two vulnerabilities in Cisco products. The first issue dubbed Thrangrycat, and tracked as CVE-2019-1649, affects multiple Cisco products that support Trust Anchor module (TAm). The issue […]

Pierluigi Paganini May 08, 2019
Cisco addresses a critical flaw in Elastic Services Controller

Cisco released security updates to address a critical vulnerability in its virtualized function automation tool Elastic Services Controller (ESC). Cisco has released security updates to address a critical vulnerability affecting its virtualized function automation tool, Cisco Elastic Services Controller (ESC). The flaw could be exploited by a remote attacker could be exploited by an unauthenticated, […]