CISCO

Pierluigi Paganini March 03, 2022
Cisco fixed two critical flaws in Expressway, TelePresence VCS solutions

Cisco fixed critical flaws in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products. Cisco announced security patches for a couple of critical vulnerabilities, tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS score of 9.0), in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products. “Multiple vulnerabilities in the API and […]

Pierluigi Paganini February 17, 2022
Specially crafted emails could crash Cisco ESA devices

Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653, that resides in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA. A remote, unauthenticated attacker […]

Pierluigi Paganini February 03, 2022
Cisco fixes critical flaws in its Small Business Routers

Cisco released security patches to address multiple flaws in its Small Business RV160, RV260, RV340, and RV345 series routers. Cisco announced patches for multiple issue affecting its Small Business RV160, RV260, RV340, and RV345 series routers. Some of the bugs fixed by the IT giant could lead to the execution of arbitrary code with root […]

Pierluigi Paganini January 20, 2022
Cisco StarOS flaws could allow remote code execution and information disclosure

Cisco addressed a critical RCE flaw in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. Cisco has addressed a critical remote code execution vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. The flaw, discovered by the company experts during internal security testing, can be exploited by […]

Pierluigi Paganini January 13, 2022
Cisco fixes a critical flaw in Unified CCMP and Unified CCDM

Cisco fixed a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified CCMP and Unified CCDM. Cisco released security patches to address a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM). A remote attacker could exploit the flaw to elevate […]

Pierluigi Paganini November 04, 2021
Cisco warns of hard-coded credentials and default SSH key issues in some products

Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys. The first flaw fixed by […]

Pierluigi Paganini September 24, 2021
Cisco addresses 3 critical vulnerabilities in IOS XE Software

Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers. The most severe of these vulnerabilities is a Remote Code Execution Vulnerability, tracked as CVE-2021-34770, […]

Pierluigi Paganini September 11, 2021
Cisco released security patches for High-Severity flaws in IOS XR software

Cisco fixed multiple high-severity flaws in the IOS XR software that can allow attackers to trigger a DoS condition, elevate privileges, overwrite/read arbitrary files. Cisco released security updates to address multiple high-severity vulnerabilities in the IOS XR software that can be exploited to conduct multiple malicious activities, such as rebooting devices and elevate privileges. The […]

Pierluigi Paganini September 02, 2021
Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists

Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code is available. Cisco announced the availability of security patches for a critical authentication bypass flaw (CVE-2021-34746) in Enterprise NFV Infrastructure Software (NFVIS) for which proof-of-concept exploit code is already available. An attacker can exploit the […]

Pierluigi Paganini August 20, 2021
Cisco warns of Server Name Identification data exfiltration flaw in multiple products

Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns. Cisco warns of a vulnerability in Server Name Identification (SNI) request filtering that affects multiple products (Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine) that could be exploited […]