Cisco Security Vulnerability Thread.
-
Go patch all your Cisco things. Lots of stuff they classify as High priority and a fix for the router vulnerability from last week.
-
Only 2 things today. They must have had a slow week.
https://www.us-cert.gov/ncas/current-activity/2019/03/13/Cisco-Releases-Security-Updates
According to CISA, one is yet another hardcoded credential, and one is a DDOS vulnerability.
-
CISA news this morning:
Cisco Releases Security Advisories for Multiple Products
03/20/2019 04:50 PM EDTOriginal release date: March 20, 2019
Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.
• Cisco IP Phone 8800 Series Path Traversal Vulnerability cisco-sa-20190320-ipptv https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv
• Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability cisco-sa-20190320-ipfudos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos
• Cisco IP Phone 8800 Series Authorization Bypass Vulnerability cisco-sa-20190320-ipab https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab
• Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability cisco-sa-20190320-ip-phone-rce https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce
• Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability cisco-sa-20190320-ip-phone-csrf https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf -
More today. Lots of things classified as High, go patch the Cisco things!
-
Just remotely getting configuration information today.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid
-
-
Remote access to Sysadmin in Cisco ASR 9000 series.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr
-
Secret access to switches and firewalls. In addition to the sundry less critical flaws.
-
Another remote vulnerability. Just another week in the Cisco world.
-
-
@NashBrydges said in Cisco Security Vulnerability Thread.:
wow
Red Balloon Security researchers have demonstrated physical destruction of Cisco routers by leveraging Thrangrycat via remote exploitation
ouch!
-
@NashBrydges said in Cisco Security Vulnerability Thread.:
Thanks for posting. Saw this headline, but didn't get to actually read the article yet.
-
Looks like that vulnerability is worse than expected.
-
Multiple vulnerabilities patched this month. Make sure you're account is paid up so you can keep everything updated. Or more reasonably toss the gear for something reasonably priced.
At least 1 remote vulnerability, again.
-
LOL
-
@davide-bonavita said in Cisco Security Vulnerability Thread.:
LOL
It's the bi-weekly gift that always gives you so much joy, and extra work to patch.
-
Another remote vulnerability. Just anything that can be managed from a web page this time.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf
-
They say patch now, and I believe them.
-
CISA, more remote vulnerabilities. Go patch.
-
What? How does this even happen!? Another companies security keys in their equipment.