Cisco News Articles
Recent news articles refferecing the vendors vulnerabilities.
CyberSecurityNews CVE-2024-20418Cisco Industrial Wireless Software Flaw Let Attackers Run Command As Root User
A critical security vulnerability tracked as “CVE-2024-20418”, was detected recently in the web GUI of Cisco Unified Industrial Wireless Software installed on Ultra-Reliable Wireless Backhaul (URWB) Access Points.
2 weeks ago
CVE-2024-20418Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw
Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert. The weakness – dubbed CVE-2024-20418 and made public yesterday – is...
2 weeks ago
The Register CVE-2024-20418Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw
Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert. The weakness – dubbed CVE-2024-20418 and made public yesterday – is...
2 weeks ago
Help Net Security CVE-2024-20418Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) - Help Net Security
Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul (URWB) Access Points.
2 weeks ago
GBHackers News CVE-2024-20418Cisco Flaw Let Attackers Run Command as Root User
A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.
2 weeks ago
CyberSecurityNews CVE-2024-20481CVE-2024-37383CISA Warns of Cisco ASA & Roundcube Vulnerabilities Exploited in Wild
(CISA has announced the addition of two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
1 month ago
CVE-2024-20481Cisco fixes bug under exploit in brute-force attacks
Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service...
1 month ago
The Register CVE-2024-20481Cisco fixes bug under exploit in brute-force attacks
Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service...
1 month ago
Cisco fixes VPN DoS flaw discovered in password spray attacks
Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April.
1 month ago
Cisco ASA and FTD zero day used in password spraying attacks | Tech...
Another Cisco ASA and FTD vulnerability was disclosed on Wednesday. Organizations are urged to patch as its under active exploitation.
1 month ago
Security Affairs CVE-2024-20481Cisco fixed tens of vulnerabilities, including an actively exploited one
Cisco patched vulnerabilities in ASA, FMC, and FTD products, including one actively exploited in a large-scale brute-force attack campaign.
1 month ago
GBHackers CVE-2024-20329Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw
Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software.
1 month ago
CVE-2024-20393 Description, Impact and Technical Details
CVE-2024-20393 is a vulnerability affecting Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, which allows an authen…
2 months ago
SystemTek CVE-2024-20432Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability [CVE-2024-20432]
CVE number = CVE-2024-20432 A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command...
2 months ago
GBHackers CVE-2024-20252CVE-2024-20254Critical Cisco Expressway Flaw Let Remote Execute Arbitrary Code
Cisco patched the CSRF vulnerabilities identified as CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6).
3 months ago
CyberWire CVE-2024-20399Hackers target recently disclosed LiteSpeed Cache vulnerability.
Halliburton sustains cyberattack. Chinese threat actor exploited Cisco zero-day.
3 months ago
Zero-day Cisco switch bug being exploited by cyber actors
The flaw, tracked as CVE-2024-20399 with a CVSS score of 6.0, allows attackers with valid admin credentials to bypass the NX-OS command line interface and execute arbitrary commands on the underlying Linux OS.
3 months ago
The Hacker News CVE-2024-20399Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
Chinese hackers exploit Cisco switch vulnerability to gain system control and evade detection. Cybersecurity firm uncovers sophisticated espionage cam
3 months ago
Maximum severity Cisco SSM On-Prem vulnerability addressed
Such a vulnerability, tracked as CVE-2024-20419, could be exploited to facilitate web UI or API access and eventually allow the unauthenticated creation of new user passwords, according to Cisco.
4 months ago
Tech Monitor CVE-2024-20419Cisco patches vulnerability allowing attackers to change admin passwords
Named CVE-2024-20419, the bug affecting Cisco Smart Software Manager On-Prem carries the maximum possible CVSS rating.
4 months ago
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.
4 months ago
CVE-2024-20419Critical Cisco bug allows crims to change admin passwords
Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1...
4 months ago
The Register CVE-2024-20419Critical Cisco bug allows crims to change admin passwords
Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1...
4 months ago
Help Net Security CVE-2024-20401CVE-2024-20419Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) - Help Net Security
CVE-2024-20401 enables overwriting files on Cisco Secure Email Gateways, CVE-2024-20419 allows changing account passwords on SSM On-Prem.
4 months ago
The Register CVE-2024-20399Cisco plugs zero-day abused by suspected Chinese cyber spies
Cisco switch owners should probably apply the patch that just dropped for a vulnerability that was exploited in April as a zero-day to install malware on an array of its Nexus switches. On paper,...
5 months ago
Novel Cisco NX-OS zero-day leveraged by Chinese hackers
Chinese state-backed hacking group Velvet Ant targeted Cisco network switches with NX-OS software impacted by the newly discovered zero-day, tracked as CVE-2024-20399, as part of a cyberespionage attack in April, according to The Record, a news site by cybersecurity firm Recorded Future.
5 months ago
Patch Now: Cisco Zero-Day Under Fire From Chinese APT
Threat actor "Velvet Ant" has been exploiting a vulnerability in Cisco's NX-OS Software for managing a variety of switches, executing commands and dropping custom malware.
5 months ago
思科針對網路設備作業系統NX-OS零時差漏洞提出警告,中國駭客Velvet Ant將其用於散布惡意軟體
本週思科公布旗下網路設備作業系統NX-OS的漏洞CVE-2024-20399,並指出已在3個月前出現攻擊行動,通報此事的資安業者Sygnia表示,中國駭客Velvet Ant已將其用於網路間諜活動
5 months ago
Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies
Cisco has patched an NX-OS command injection zero-day exploited by China-linked cyberespionage group Velvet Ant.
5 months ago
Palo Alto Networks CVE-2023-20198Threat Brief: Cisco IOS XE Web UI Privilege Escalation Vulnerability (Updated)
CVE-2023-20198 impacts Cisco IOS XE devices and allows attackers full admin access. Our overview includes attack surface telemetry of potential impact.
6 months ago
Cyber Security Informer CVE-2024-20360Top Cyber Security Informer Penetration Testing Artificial Intelligence Content for Thu.May 23, 2024
Best content around Penetration Testing Artificial Intelligence selected by the Cyber Security Informer community.
6 months ago
GBHackers on Security CVE-2024-20360Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks
A vulnerability has been identified in the web-based management interface of Cisco FMC Software, potentially allowing authentication.
6 months ago
Rewterz CVE-2024-20360CVE-2024-20363Multiple Cisco Products Vulnerabilities - Rewterz
Cisco Firepower Management Center Software is vulnerable to SQL injection.
6 months ago
Norway issues warning after ‘important businesses’ affected by Cisco zero-days
The chief of Norway's NSM agency said the pair of zero-day vulnerabilities affecting Cisco IOS XE had created a "very serious" situation for some organizations.
7 months ago
Kroll CVE-2023-20198Kroll analysts respond to exploitation of vulnerability within the web user interface (UI) functionality of Cisco IOS XE. Read more.
Kroll analysts respond to exploitation of vulnerability within the web user interface (UI) functionality of Cisco IOS XE. Read more.
7 months ago
Help Net Security CVE-2024-20353CVE-2024-20359Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024 - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days
7 months ago
Cisco Zero-Days Anchor 'ArcaneDoor' Cyber Espionage Campaign
Attacks by a previously unknown state-sponsored actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.
7 months ago
Cisco zero-day flaws in ASA, FTD software under attack | TechTarget
Cisco said two zero-day flaws in its ASA and FTD products were exploited by a nation-state threat actor in a campaign called 'ArcaneDoor.'
7 months ago
CybersecurityNews CVE-2024-20353CVE-2024-20359ArcaneDoor Exploiting Cisco Zero-Days To Attack Government Networks
Hackers target Cisco zero-days as they can abuse the widely used networking equipment that contains vulnerabilities which means they can affect many systems and networks in one shot.
7 months ago
Help Net Security CVE-2024-20353CVE-2024-20359Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) - Help Net Security
Attackers have used two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on government Cisco ASA appliances.
7 months ago
meterpreter.org CVE-2024-20295Vulnerability • InfoTech & InfoSec News
CVE-2024-20295: Cisco Integrated Management Controller CLI Command Injection VulnerabilityCisco has released updates to address a critical vulnerability in its Integrated Management Controller, which allows...
7 months ago
Cisco discloses high-severity vulnerability, PoC available | TechTa...
Cisco published a security advisory for the vulnerability tracked as CVE-2024-20295 and urged users to upgrade to fixed versions.
7 months ago
LRQA Nettitude CVE-2024-20356CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
Exploiting remote code execution in Cisco's CIMC management system and jailbreaking the device to run untrusted code
7 months ago
ÇözümPark CVE-2024-20295Cisco'dan Kritik Zafiyet Uyarısı! - ÇözümPark
Cisco, Integrated Management Controller (IMC)’da tespit edilen ve saldırganlara root yetkiler sağlayan kritik zafiyet için güncelleme yayınlandı. İşin en kötü tarafı zafiyete ait exploit’in public olarak yayınlanmış olması. CVE-2024-20295 olarak izlenen versayılan yapılandırmalarda zafiyet aşağıdaki...
7 months ago
AttackerKB CVE-2024-20328CVE-2024-20328 | AttackerKB
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service ac…
8 months ago
dayzerosec CVE-2024-20328ClamAV Not So Calm [CVE-2024-20328]
A pretty classic command injection vulnerability but in ClamAV. Often seen (in my experience) running on mail-servers to scan incoming email attachments. When a virus is detected `clamd` will execute a command: ``` VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v in %f" ``` Where `...
8 months ago
Britec Computer Systems CVE-2024-20337Cyber Threat Landscape: A Look at Cisco’s CVE-2024-20337 Patch
Unveil the threat of CVE-2024-20337 with Cisco’s Secure Client flaw. Learn how to secure your VPN sessions and protect against potential hijacking.
8 months ago
Spiceworks CVE-2024-20337CVE-2024-20338Cisco Patches VPN Hijacking Bug - Spiceworks
Cisco has released patches for a critical vulnerability that enabled VPN hijacking in its Secure Client software. Find out more.
8 months ago
The Final Hop CVE-2024-20337Understanding CVE-2024-20337: A Deep Dive into Cisco's Latest Patch
The Critical Flaw in Cisco's Secure Client Cisco has taken significant steps to mitigate a high-severity vulnerability in its Secure Client software, identified as CVE-2024-20337. With a CVSS score of 8.2, this flaw allowed for a carriage return line feed (CRLF) injection attack, representing a sop...
9 months ago
Help Net Security CVE-2024-20337Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) - Help Net Security
Cisco has fixed a vulnerability (CVE-2024-20337) in its Secure Client enterprise VPN solution that could reveal users' authentication tokens.
9 months ago