CISCO

Pierluigi Paganini September 06, 2018
Cisco fixes 32 security vulnerabilities in its products, including three critical flaws

Cisco has released thirty security patch advisory to address a total of 32 security vulnerabilities in its products, including three critical flaws. Cisco released thirty security patch advisory to address a total of 32 security vulnerabilities in its products. The good news is that the tech giant is not aware of any exploitation of the addressed vulnerabilities […]

Pierluigi Paganini July 19, 2018
Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products

Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal testing. Two of these flaws could be exploited by a remote unauthenticated attacker to access […]

Pierluigi Paganini June 21, 2018
Cisco security updates address five critical issues in NX-OS Software

Cisco released security patches for more than 30 vulnerabilities, including five Critical arbitrary code execution issues affecting the NX-OS Software Cisco released security patches for more than 30 vulnerabilities including five Critical arbitrary code execution issues affecting the NX-API feature of NX-OS Software (CVE-2018-0301) and the Fabric Services component of FXOS Software and NX-OS Software […]

Pierluigi Paganini June 09, 2018
Cisco removed hardcoded credentials in WAAS software. Undocumented accounts are a frequent issue

Cisco has removed hardcoded credentials that were in Cisco Wide Area Application Services (WAAS), which is a software designed to optimize WAN traffic management. The hardcoded credentials (CVE-2018-0329) resides in the read-only SNMP community string in the configuration file of the SNMP daemon, they could be exploited by attackers to read any data that is accessible via […]

Pierluigi Paganini June 08, 2018
Cisco patches a critical vulnerability in Prime Collaboration Provisioning solution

Cisco fixed several flaws in the Prime Collaboration Provisioning product that allows customers to manage their communications services. Cisco released security patches to address severe vulnerabilities in Prime Collaboration Provisioning (PCP) solution, one of the issues was rated as critical. The vulnerabilities have been found by Cisco during internal security testing and there is no […]

Pierluigi Paganini May 18, 2018
CISCO issued security updates to address three critical flaws in Cisco DNA Center

Cisco has issued security updates to address three critical vulnerabilities in its DNA Center appliance, admins need to update their installs as soon as possible. Cisco has issued security updates to address three critical vulnerabilities in its Digital Network Architecture (DNA) Center appliance. The DNA Center is a network management and administration tool, experts discovered […]

Pierluigi Paganini April 23, 2018
CVE-2018-0229 flaw in SAML implementation threatens Firepower, AnyConnect and ASA products

Cisco has announced a set of security patches that address the CVE-2018-0229 vulnerability in its implementation of the Security Assertion Markup Language (SAML). The CVE-2018-0229 flaw could be exploited by an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. “A vulnerability in the implementation of Security […]

Pierluigi Paganini April 19, 2018
Rockwell Automation Allen-Bradley Stratix and ArmorStratix switches are exposed to hack due to Cisco IOS flaws

Rockwell Automation is warning that its Allen-Bradley Stratix and ArmorStratix industrial switches are exposed to hack due to security vulnerabilities in Cisco IOS. According to Rockwell Automation, eight flaws recently discovered recently in Cisco IOS are affecting its products which are used in many sectors, including the critical manufacturing and energy. The list of flaws includes […]

Pierluigi Paganini April 09, 2018
Vigilante hackers strike Russia and Iran Networks exploiting Cisco CVE-2018-0171 flaw

Last week, the hacking crew “JHT” launched a hacking campaign exploiting Cisco CVE-2018-0171 flaw against network infrastructure in Russia and Iran. Last week, the hacking crew “JHT” launched a hacking campaign against CISCO devices in Russian and Iranian networks. The hackers exploited the Cisco CVE-2018-0171 Smart Install to reset the routers to the startup-config and reboot […]

Pierluigi Paganini April 06, 2018
Cisco Smart Install Protocol misuse could expose critical infrastructure to attacks

Cisco PSIRT has published a new security advisory for abuse of the Smart Install protocol, the IT giant has identified hundreds of thousands of exposed devices online. Cisco is advising organizations that hackers could target its switches via the Smart Install protocol. The IT giant has identified hundreds of thousands of exposed devices and warned critical infrastructure […]