ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Cisco Security Vulnerability Thread.

    News
    cisco security
    14
    91
    12.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • travisdh1T
      travisdh1
      last edited by

      Go patch all your Cisco things. Lots of stuff they classify as High priority and a fix for the router vulnerability from last week.

      https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

      1 Reply Last reply Reply Quote 0
      • travisdh1T
        travisdh1
        last edited by

        Only 2 things today. They must have had a slow week.

        https://www.us-cert.gov/ncas/current-activity/2019/03/13/Cisco-Releases-Security-Updates

        According to CISA, one is yet another hardcoded credential, and one is a DDOS vulnerability.

        1 Reply Last reply Reply Quote 0
        • travisdh1T
          travisdh1
          last edited by

          CISA news this morning:

          Cisco Releases Security Advisories for Multiple Products
          03/20/2019 04:50 PM EDT

          Original release date: March 20, 2019
          Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

          The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.
          • Cisco IP Phone 8800 Series Path Traversal Vulnerability cisco-sa-20190320-ipptv https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv
          • Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability cisco-sa-20190320-ipfudos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos
          • Cisco IP Phone 8800 Series Authorization Bypass Vulnerability cisco-sa-20190320-ipab https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab
          • Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability cisco-sa-20190320-ip-phone-rce https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce
          • Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability cisco-sa-20190320-ip-phone-csrf https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf

          1 Reply Last reply Reply Quote 0
          • travisdh1T
            travisdh1
            last edited by

            More today. Lots of things classified as High, go patch the Cisco things!

            https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

            1 Reply Last reply Reply Quote 0
            • travisdh1T
              travisdh1
              last edited by

              Just remotely getting configuration information today.

              https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                Youtube Video

                1 Reply Last reply Reply Quote 1
                • travisdh1T
                  travisdh1
                  last edited by

                  Remote access to Sysadmin in Cisco ASR 9000 series.

                  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr

                  1 Reply Last reply Reply Quote 0
                  • travisdh1T
                    travisdh1
                    last edited by

                    https://www.networkworld.com/article/3392858/cisco-issues-critical-security-warning-for-nexus-data-center-switches.html

                    Secret access to switches and firewalls. In addition to the sundry less critical flaws.

                    1 Reply Last reply Reply Quote 0
                    • travisdh1T
                      travisdh1
                      last edited by

                      https://www.us-cert.gov/ncas/current-activity/2019/05/07/Cisco-Releases-Security-Update-Elastic-Services-Controller

                      Another remote vulnerability. Just another week in the Cisco world.

                      1 Reply Last reply Reply Quote 0
                      • NashBrydgesN
                        NashBrydges
                        last edited by

                        https://www.businesswire.com/news/home/20190513005742/en/Red-Balloon-Security-Discovers-Critical-Vulnerability-Millions

                        DashrenderD travisdh1T 2 Replies Last reply Reply Quote 2
                        • DashrenderD
                          Dashrender @NashBrydges
                          last edited by

                          @NashBrydges said in Cisco Security Vulnerability Thread.:

                          https://www.businesswire.com/news/home/20190513005742/en/Red-Balloon-Security-Discovers-Critical-Vulnerability-Millions

                          wow

                          Red Balloon Security researchers have demonstrated physical destruction of Cisco routers by leveraging Thrangrycat via remote exploitation

                          ouch!

                          1 Reply Last reply Reply Quote 0
                          • travisdh1T
                            travisdh1 @NashBrydges
                            last edited by

                            @NashBrydges said in Cisco Security Vulnerability Thread.:

                            https://www.businesswire.com/news/home/20190513005742/en/Red-Balloon-Security-Discovers-Critical-Vulnerability-Millions

                            Thanks for posting. Saw this headline, but didn't get to actually read the article yet.

                            1 Reply Last reply Reply Quote 0
                            • NashBrydgesN
                              NashBrydges
                              last edited by

                              Looks like that vulnerability is worse than expected.

                              https://www.bleepingcomputer.com/news/security/cisco-upgrades-remote-code-execution-flaws-to-critical-severity/

                              1 Reply Last reply Reply Quote 1
                              • travisdh1T
                                travisdh1
                                last edited by

                                Multiple vulnerabilities patched this month. Make sure you're account is paid up so you can keep everything updated. Or more reasonably toss the gear for something reasonably priced.

                                At least 1 remote vulnerability, again.

                                https://www.us-cert.gov/ncas/current-activity/2019/06/05/Cisco-Releases-Security-Updates-Multiple-Products

                                1 Reply Last reply Reply Quote 0
                                • davide.bonavitaD
                                  davide.bonavita
                                  last edited by

                                  LOL

                                  travisdh1T 1 Reply Last reply Reply Quote 0
                                  • travisdh1T
                                    travisdh1 @davide.bonavita
                                    last edited by

                                    @davide-bonavita said in Cisco Security Vulnerability Thread.:

                                    LOL

                                    It's the bi-weekly gift that always gives you so much joy, and extra work to patch.

                                    1 Reply Last reply Reply Quote 0
                                    • travisdh1T
                                      travisdh1
                                      last edited by

                                      Another remote vulnerability. Just anything that can be managed from a web page this time.

                                      https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf

                                      1 Reply Last reply Reply Quote 0
                                      • travisdh1T
                                        travisdh1
                                        last edited by

                                        They say patch now, and I believe them.

                                        https://www.zdnet.com/article/cisco-critical-flaw-warning-these-two-bugs-in-our-data-center-gear-need-patching-now/

                                        1 Reply Last reply Reply Quote 0
                                        • travisdh1T
                                          travisdh1
                                          last edited by

                                          CISA, more remote vulnerabilities. Go patch.

                                          https://www.us-cert.gov/ncas/current-activity/2019/06/26/cisco-releases-security-updates-data-center-network-manager

                                          1 Reply Last reply Reply Quote 0
                                          • travisdh1T
                                            travisdh1
                                            last edited by

                                            What? How does this even happen!? Another companies security keys in their equipment.

                                            https://www.zdnet.com/article/seriously-cisco-put-huawei-x-509-certificates-and-keys-into-its-own-switches/

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 3 / 5
                                            • First post
                                              Last post