CISCO

Pierluigi Paganini August 19, 2022
Cisco fixes High-Severity bug in Secure Web Appliance

Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web […]

Pierluigi Paganini August 11, 2022
Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key

Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2022-20866, impacts the handling of RSA keys on devices running Cisco ASA Software and […]

Pierluigi Paganini August 10, 2022
Cisco was hacked by the Yanluowang ransomware gang

Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat […]

Pierluigi Paganini August 04, 2022
Cisco addressed critical flaws in Small Business VPN routers

Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The flaw resides in the web-based management interface of several Small Business VPN routers, including Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. […]

Pierluigi Paganini July 08, 2022
Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions

Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products. Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS). A remote attacker can trigger the flaw to overwrite files on the […]

Pierluigi Paganini June 16, 2022
Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager

Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager. The flaw, tracked as CVE-2022-20798 (CVSS score 9.8), can be exploited by an unauthenticated, remote attacker to bypass […]

Pierluigi Paganini May 21, 2022
Cisco fixes an IOS XR flaw actively exploited in the wild

Cisco addressed a medium-severity vulnerability affecting IOS XR Software, the company warns that the flaw is actively exploited in the wild. Cisco released security updates to address a medium-severity vulnerability affecting IOS XR Software, tracked as CVE-2022-20821 (CVSS score: 6.5), that threat actors are actively exploiting in attacks in the wild. The flaw resides in […]

Pierluigi Paganini May 05, 2022
Cisco addresses three bugs in Enterprise NFVIS Software

Cisco addresses three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could allow the compromise of the hosts. Cisco addressed three vulnerabilities, tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, affecting the Enterprise NFV Infrastructure Software (NFVIS) that could be exploited by attackers to take control over the hosts. “Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure […]

Pierluigi Paganini April 21, 2022
Static SSH host key in Cisco Umbrella allows stealing admin credentials

Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow stealing admin credentials. Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), tracked as CVE-2022-20773, that could be exploited by an unauthenticated attacker to steal admin credentials remotely. Umbrella is Cisco’s cloud-based Secure Internet Gateway (SIG) […]

Pierluigi Paganini April 15, 2022
Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass […]