CISCO

Pierluigi Paganini August 19, 2021
Cisco will not patch critical flaw CVE-2021-34730 in EoF routers

Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W routers Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small business RV110W, RV130, RV130W, and RV215W routers. The CVE-2021-34730 flaw resides in the Universal Plug-and-Play (UPnP) service […]

Pierluigi Paganini August 08, 2021
A zero-day RCE in Cisco ASDM has yet to be fixed

A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher disclosed in July has yet to be addressed. Cisco provided an update on a remote code execution (RCE) vulnerability (CVE-2021-1585) in the Adaptive Security Device Manager (ASDM) Launcher, the IT giant confirmed that the flaw has yet to be addressed. […]

Pierluigi Paganini August 03, 2021
Cisco fixed Remote Code Execution issue in Firepower Device Manager On-Box software

Cisco addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that allows attackers to execute arbitrary code on vulnerable devices. Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software, tracked as CVE-2021-1518, that could be exploited by an attacker to execute arbitrary code on vulnerable devices. FDM On-Box allows […]

Pierluigi Paganini July 09, 2021
Cisco fixes High Severity issue in BPA and WSA

Cisco addresses high severity privilege escalation vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks. Cisco released security patches for high severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks. The IT giant fixed two flaws […]

Pierluigi Paganini June 18, 2021
Expert found multiple flaws in Cisco Small Business 220 series

A researcher discovered multiple vulnerabilities in smart switches of Cisco’s Small Business 220 series, including some issues rated as high severity. Security researcher Jasper Lievisse Adriaanse has discovered multiple vulnerabilities Cisco’s Small Business 220 series smart switches. The vulnerabilities impact devices running firmware versions prior 1.2.0.6 and which have the web-based management interface enabled. The […]

Pierluigi Paganini June 03, 2021
Cisco fixes High-severity issues in Webex, SD-WAN, ASR 5000 software

Cisco addressed multiple security flaws, including high-severity vulnerabilities, in Webex Player, SD-WAN software, and ASR 5000 series software. Cisco has addressed multiple vulnerabilities in its products, including high-risk flaws in Webex Player, SD-WAN software, and ASR 5000 series software. The IT giant fixed three high-severity vulnerabilities (CVE-2021-1503, CVE-2021-1526, CVE-2021-1502) affecting Webex Player for Windows and […]

Pierluigi Paganini May 13, 2021
Cisco fixes AnyConnect Client VPN zero-day disclosed in November

Cisco has addressed a zero-day in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. Cisco has addressed a zero-day vulnerability in Cisco AnyConnect Secure Mobility Client, tracked as CVE-2020-3556, that was disclosed in November. The availability of a proof-of-concept exploit code for the zero-day was confirmed by the Cisco Product Security […]

Pierluigi Paganini May 06, 2021
Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software

Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing commands as root. Cisco SD-WAN vManage Software flaws (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, CVE-2021-1508) could […]

Pierluigi Paganini March 06, 2021
Multiple Cisco products exposed to DoS attack due to a Snort issue

Cisco announced that a vulnerability in the Snort detection engine exposes several of its products to denial-of-service (DoS) attacks. Cisco announced this week that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine. The vulnerability resides in the Ethernet Frame Decoder of the Snort detection […]

Pierluigi Paganini February 25, 2021
Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS

Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting multiple products, including three critical flaws impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. The most severe vulnerability […]