CISCO

Pierluigi Paganini March 29, 2024
Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company published a document containing recommendations against password spray attacks aimed at Remote […]

Pierluigi Paganini March 28, 2024
Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to trigger a denial-of-service (DoS) condition. Cisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several issues fixed by the IT giant to cause a denial-of-service (DoS) condition. Below are the […]

Pierluigi Paganini March 08, 2024
Cisco addressed severe flaws in its Secure Client

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338. Cisco Secure Client is a security tool developed by Cisco that provides VPN (Virtual Private Network) access […]

Pierluigi Paganini February 17, 2024
CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) in attacks in the wild. This week the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. The vulnerability CVE-2020-3259 is an information disclosure issue that resides […]

Pierluigi Paganini January 25, 2024
Cisco warns of a critical bug in Unified Communications products, patch it now!

Cisco addressed a critical flaw in its Unified Communications and Contact Center Solutions products that could lead to remote code execution. Cisco released security patches to address a critical vulnerability, tracked as CVE-2024-20253 (CVSS score of 9.9), impacting multiple Unified Communications and Contact Center Solutions products. An unauthenticated, remote attacker can exploit the flaw to […]

Pierluigi Paganini January 11, 2024
Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges. Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices. Cisco Unity Connection is a messaging […]

Pierluigi Paganini October 31, 2023
Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Researchers from Researchers at Horizon3.ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Cisco recently warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited […]

Pierluigi Paganini October 23, 2023
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

US CISA added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The vulnerability is an unspecified issue in the web user interface. An attacker can chain this flaw with CVE-2023-20198 to leverage the new […]

Pierluigi Paganini October 16, 2023
Cisco warns of active exploitation of IOS XE zero-day

Cisco warned customers of a critical zero-day vulnerability in its IOS XE Software that is actively exploited in attacks. Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance […]

Pierluigi Paganini September 28, 2023
Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. Cisco warned customers to install security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2023-20109 (CVS 6.6), that resides in IOS and IOS XE software. The vulnerability resides in […]