Cisco News Articles
Recent news articles refferecing the vendors vulnerabilities.
CyberWire CVE-2024-20399Hackers target recently disclosed LiteSpeed Cache vulnerability.
Halliburton sustains cyberattack. Chinese threat actor exploited Cisco zero-day.
4 weeks ago
Zero-day Cisco switch bug being exploited by cyber actors
The flaw, tracked as CVE-2024-20399 with a CVSS score of 6.0, allows attackers with valid admin credentials to bypass the NX-OS command line interface and execute arbitrary commands on the underlying Linux OS.
4 weeks ago
The Hacker News CVE-2024-20399Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
Chinese hackers exploit Cisco switch vulnerability to gain system control and evade detection. Cybersecurity firm uncovers sophisticated espionage cam
1 month ago
Maximum severity Cisco SSM On-Prem vulnerability addressed
Such a vulnerability, tracked as CVE-2024-20419, could be exploited to facilitate web UI or API access and eventually allow the unauthenticated creation of new user passwords, according to Cisco.
2 months ago
Tech Monitor CVE-2024-20419Cisco patches vulnerability allowing attackers to change admin passwords
Named CVE-2024-20419, the bug affecting Cisco Smart Software Manager On-Prem carries the maximum possible CVSS rating.
2 months ago
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.
2 months ago
The Register CVE-2024-20419Critical Cisco bug allows crims to change admin passwords
Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1...
2 months ago
CVE-2024-20419Critical Cisco bug allows crims to change admin passwords
Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1...
2 months ago
Help Net Security CVE-2024-20401CVE-2024-20419Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) - Help Net Security
CVE-2024-20401 enables overwriting files on Cisco Secure Email Gateways, CVE-2024-20419 allows changing account passwords on SSM On-Prem.
2 months ago
The Register CVE-2024-20399Cisco plugs zero-day abused by suspected Chinese cyber spies
Cisco switch owners should probably apply the patch that just dropped for a vulnerability that was exploited in April as a zero-day to install malware on an array of its Nexus switches. On paper,...
3 months ago
Novel Cisco NX-OS zero-day leveraged by Chinese hackers
Chinese state-backed hacking group Velvet Ant targeted Cisco network switches with NX-OS software impacted by the newly discovered zero-day, tracked as CVE-2024-20399, as part of a cyberespionage attack in April, according to The Record, a news site by cybersecurity firm Recorded Future.
3 months ago
Patch Now: Cisco Zero-Day Under Fire From Chinese APT
Threat actor "Velvet Ant" has been exploiting a vulnerability in Cisco's NX-OS Software for managing a variety of switches, executing commands and dropping custom malware.
3 months ago
思科針對網路設備作業系統NX-OS零時差漏洞提出警告,中國駭客Velvet Ant將其用於散布惡意軟體
本週思科公布旗下網路設備作業系統NX-OS的漏洞CVE-2024-20399,並指出已在3個月前出現攻擊行動,通報此事的資安業者Sygnia表示,中國駭客Velvet Ant已將其用於網路間諜活動
3 months ago
Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies
Cisco has patched an NX-OS command injection zero-day exploited by China-linked cyberespionage group Velvet Ant.
3 months ago
Palo Alto Networks CVE-2023-20198Threat Brief: Cisco IOS XE Web UI Privilege Escalation Vulnerability (Updated)
CVE-2023-20198 impacts Cisco IOS XE devices and allows attackers full admin access. Our overview includes attack surface telemetry of potential impact.
3 months ago
Cyber Security Informer CVE-2024-20360Top Cyber Security Informer Penetration Testing Artificial Intelligence Content for Thu.May 23, 2024
Best content around Penetration Testing Artificial Intelligence selected by the Cyber Security Informer community.
4 months ago
GBHackers on Security CVE-2024-20360Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks
A vulnerability has been identified in the web-based management interface of Cisco FMC Software, potentially allowing authentication.
4 months ago
Rewterz CVE-2024-20360CVE-2024-20363Multiple Cisco Products Vulnerabilities - Rewterz
Cisco Firepower Management Center Software is vulnerable to SQL injection.
4 months ago
Norway issues warning after ‘important businesses’ affected by Cisco zero-days
The chief of Norway's NSM agency said the pair of zero-day vulnerabilities affecting Cisco IOS XE had created a "very serious" situation for some organizations.
5 months ago
Kroll CVE-2023-20198Kroll analysts respond to exploitation of vulnerability within the web user interface (UI) functionality of Cisco IOS XE. Read more.
Kroll analysts respond to exploitation of vulnerability within the web user interface (UI) functionality of Cisco IOS XE. Read more.
5 months ago
Help Net Security CVE-2024-20353CVE-2024-20359Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024 - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days
5 months ago
Cisco Zero-Days Anchor 'ArcaneDoor' Cyber Espionage Campaign
Attacks by a previously unknown state-sponsored actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.
5 months ago
Cisco zero-day flaws in ASA, FTD software under attack | TechTarget
Cisco said two zero-day flaws in its ASA and FTD products were exploited by a nation-state threat actor in a campaign called 'ArcaneDoor.'
5 months ago
CybersecurityNews CVE-2024-20353CVE-2024-20359ArcaneDoor Exploiting Cisco Zero-Days To Attack Government Networks
Hackers target Cisco zero-days as they can abuse the widely used networking equipment that contains vulnerabilities which means they can affect many systems and networks in one shot.
5 months ago
Help Net Security CVE-2024-20353CVE-2024-20359Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) - Help Net Security
Attackers have used two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on government Cisco ASA appliances.
5 months ago
meterpreter.org CVE-2024-20295Vulnerability • InfoTech & InfoSec News
CVE-2024-20295: Cisco Integrated Management Controller CLI Command Injection VulnerabilityCisco has released updates to address a critical vulnerability in its Integrated Management Controller, which allows...
5 months ago
Cisco discloses high-severity vulnerability, PoC available | TechTa...
Cisco published a security advisory for the vulnerability tracked as CVE-2024-20295 and urged users to upgrade to fixed versions.
5 months ago
LRQA Nettitude CVE-2024-20356CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
Exploiting remote code execution in Cisco's CIMC management system and jailbreaking the device to run untrusted code
5 months ago
ÇözümPark CVE-2024-20295Cisco'dan Kritik Zafiyet Uyarısı! - ÇözümPark
Cisco, Integrated Management Controller (IMC)’da tespit edilen ve saldırganlara root yetkiler sağlayan kritik zafiyet için güncelleme yayınlandı. İşin en kötü tarafı zafiyete ait exploit’in public olarak yayınlanmış olması. CVE-2024-20295 olarak izlenen versayılan yapılandırmalarda zafiyet aşağıdaki...
5 months ago
AttackerKB CVE-2024-20328CVE-2024-20328 | AttackerKB
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service ac…
6 months ago
dayzerosec CVE-2024-20328ClamAV Not So Calm [CVE-2024-20328]
A pretty classic command injection vulnerability but in ClamAV. Often seen (in my experience) running on mail-servers to scan incoming email attachments. When a virus is detected `clamd` will execute a command: ``` VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v in %f" ``` Where `...
6 months ago
Britec Computer Systems CVE-2024-20337Cyber Threat Landscape: A Look at Cisco’s CVE-2024-20337 Patch
Unveil the threat of CVE-2024-20337 with Cisco’s Secure Client flaw. Learn how to secure your VPN sessions and protect against potential hijacking.
6 months ago
Spiceworks CVE-2024-20337CVE-2024-20338Cisco Patches VPN Hijacking Bug - Spiceworks
Cisco has released patches for a critical vulnerability that enabled VPN hijacking in its Secure Client software. Find out more.
6 months ago
The Final Hop CVE-2024-20337Understanding CVE-2024-20337: A Deep Dive into Cisco's Latest Patch
The Critical Flaw in Cisco's Secure Client Cisco has taken significant steps to mitigate a high-severity vulnerability in its Secure Client software, identified as CVE-2024-20337. With a CVSS score of 8.2, this flaw allowed for a carriage return line feed (CRLF) injection attack, representing a sop...
6 months ago
Help Net Security CVE-2024-20337Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) - Help Net Security
Cisco has fixed a vulnerability (CVE-2024-20337) in its Secure Client enterprise VPN solution that could reveal users' authentication tokens.
6 months ago
CybersecurityNews CVE-2024-20301Cisco Duo for Windows Logon and RDP Let Attacker Bypass Authentication
A vulnerability, CVE-2024-20301 identified in Cisco Duo Authentication for Windows Logon and Remote Desktop Protocol (RDP), risk to affected.
6 months ago
securityonline.info CVE-2024-20328No Click Required: PoC Available for ClamAV Command Injection Bug (CVE-2024-20328)
A PoC for CVE-2024-20328, a critical vulnerability in ClamAV, that allows remote code execution, was published
7 months ago
securityonline.info CVE-2024-20328CVE-2024-20290ClamAV Bugs Expose Users to Command Injection (CVE-2024-20328) and DoS Attacks (CVE-2024-20290)
ClamAV's developers issued critical patches addressing two vulnerabilities (CVE-2024-20328 & CVE-2024-20290) within the library
7 months ago
CyberIQs CVE-2024-20253How To Fix CVE-2024-20253 In Cisco Products – CyberIQs
Identified as CVE-2024-20253, a new critical Remote Code Execution (RCE) vulnerability has been revealed, posing a significant threat to Cisco Unified
8 months ago
OP Innovate CVE-2024-20253Unmasking CVE-2024-20253 - Critical-Risk RCE Vulnerability in Cisco Unified Communications Systems - OP INNOVATE
The critical flaw CVE-2024-20253 in Cisco's systems presents a severe threat, allowing unauthenticated remote code execution. With a high severity score, it impacts multiple Cisco products, necessitating immediate patch application or, alternatively, the implementation of ACLs for interim protection
8 months ago
Picus Security CVE-2024-20253CVE-2024-20253: Cisco Unified Comms Remote Code Execution Vulnerability
A critical remote code execution vulnerability was found in Cisco Unified Comms products. Check out this blog to learn about Cisco CVE-2024-20253 vulnerability.
8 months ago
Picus Security CVE-2024-20253CVE-2024-20253: Cisco Unified Comms Remote Code Execution Vulnerability
A critical remote code execution vulnerability was found in Cisco Unified Comms products. Check out this blog to learn about Cisco CVE-2024-20253 vulnerability.
8 months ago
SOCRadar CVE-2024-20253Critical RCE Vulnerability in Cisco Unified Communications with Risk of Root Access (CVE-2024-20253) - SOCRadar® Cyber Intelligence Inc.
Cisco Unified Communications products enable communication among individuals and teams, whereas Contact Center solutions provide AI-power...
8 months ago
Veeam Community Resource Hub CVE-2024-20253CVE-2024-20253 Cisco Unified Communications Products Remote Code Execution Vulnerability | Veeam Community Resource Hub
A flaw in some Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to run arbitrary code...
8 months ago
SecurityLab.ru CVE-2024-20253CVE-2024-20253: уязвимость Cisco позволяет выполнять произвольный код на устройствах колл-центра
Cisco призывает пользователей срочно принять меры безопасности.
8 months ago
Critical Cisco Unified Communications RCE Bug Allows Root Access
The vulnerability, tracked as CVE-2024-20253, makes enterprise communications infrastructure and customer service call centers sitting ducks for unauthenticated cyberattackers.
8 months ago
Penetration Testing CVE-2024-20253CVE-2024-20253 (CVSS 9.9): Cisco Unified Communications Products RCE Vulnerability
This security flaw tracked as CVE-2024-20253 (CVSS score of 9.9) affects the Cisco products in the default configuration
8 months ago
Help Net Security CVE-2024-20272CVE-2023-46805Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272) - Help Net Security
Cisco has fixed a critical unauthenticated arbitrary file upload vulnerability (CVE-2024-20272) affecting Cisco Unity Connection.
8 months ago
Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software
Cisco patches a serious flaw in Unity Connection (CVE-2024-20272, CVSS 7.3). Don't let attackers compromise your system
8 months ago
Help Net Security CVE-2023-20198"Disappearing" implants, followed by first fixes for exploited Cisco IOS XE zero-day - Help Net Security
Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant.
11 months ago