Cisco Security Vulnerability Thread.

scottalanmiller

Youtube Video

travisdh1

Remote access to Sysadmin in Cisco ASR 9000 series.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr

travisdh1

https://www.networkworld.com/article/3392858/cisco-issues-critical-security-warning-for-nexus-data-center-switches.html

Secret access to switches and firewalls. In addition to the sundry less critical flaws.

travisdh1

https://www.us-cert.gov/ncas/current-activity/2019/05/07/Cisco-Releases-Security-Update-Elastic-Services-Controller

Another remote vulnerability. Just another week in the Cisco world.

NashBrydges

https://www.businesswire.com/news/home/20190513005742/en/Red-Balloon-Security-Discovers-Critical-Vulnerability-Millions

Dashrender

@NashBrydges said in Cisco Security Vulnerability Thread.:

https://www.businesswire.com/news/home/20190513005742/en/Red-Balloon-Security-Discovers-Critical-Vulnerability-Millions

wow

Red Balloon Security researchers have demonstrated physical destruction of Cisco routers by leveraging Thrangrycat via remote exploitation

ouch!

travisdh1

@NashBrydges said in Cisco Security Vulnerability Thread.:

https://www.businesswire.com/news/home/20190513005742/en/Red-Balloon-Security-Discovers-Critical-Vulnerability-Millions

Thanks for posting. Saw this headline, but didn't get to actually read the article yet.

NashBrydges

Looks like that vulnerability is worse than expected.

https://www.bleepingcomputer.com/news/security/cisco-upgrades-remote-code-execution-flaws-to-critical-severity/

travisdh1

Multiple vulnerabilities patched this month. Make sure you're account is paid up so you can keep everything updated. Or more reasonably toss the gear for something reasonably priced.

At least 1 remote vulnerability, again.

https://www.us-cert.gov/ncas/current-activity/2019/06/05/Cisco-Releases-Security-Updates-Multiple-Products

davide.bonavita

LOL

travisdh1

@davide-bonavita said in Cisco Security Vulnerability Thread.:

LOL

It's the bi-weekly gift that always gives you so much joy, and extra work to patch.

travisdh1

Another remote vulnerability. Just anything that can be managed from a web page this time.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf

travisdh1

They say patch now, and I believe them.

https://www.zdnet.com/article/cisco-critical-flaw-warning-these-two-bugs-in-our-data-center-gear-need-patching-now/

travisdh1

CISA, more remote vulnerabilities. Go patch.

https://www.us-cert.gov/ncas/current-activity/2019/06/26/cisco-releases-security-updates-data-center-network-manager

travisdh1

What? How does this even happen!? Another companies security keys in their equipment.

https://www.zdnet.com/article/seriously-cisco-put-huawei-x-509-certificates-and-keys-into-its-own-switches/

NashBrydges

This thread just makes it seem like Cisco is asleep at the wheel. lol

travisdh1

@NashBrydges said in Cisco Security Vulnerability Thread.:

This thread just makes it seem like Cisco is asleep at the wheel. lol

This isn't even asleep at the wheel, our interns here do security better than Cisco! This is into actively malicious territory imo.

travisdh1

Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Only a few ASA-5500 models affected this time.

travisdh1

All your signs are belong to us: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth

Plus the normal plethora: https://tools.cisco.com/security/center/publicationListing.x

nadnerB

https://www.itnews.com.au/news/cisco-whistleblower-gets-first-false-claims-payout-over-cyber-security-528963

Cisco Systems has agreed to settle a whistleblower’s claim that it improperly sold video surveillance software with known vulnerabilities to US federal and state governments