Cisco News Articles
Recent news articles refferecing the vendors vulnerabilities.
Cisco Industrial Wireless Software Flaw Let Attackers Run Command As Root User
A critical security vulnerability tracked as “CVE-2024-20418”, was detected recently in the web GUI of Cisco Unified Industrial Wireless Software installed on Ultra-Reliable Wireless Backhaul (URWB) Access Points.
2 months ago
Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw
Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert. The weakness – dubbed CVE-2024-20418 and made public yesterday – is...
2 months ago
Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) - Help Net Security
Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul (URWB) Access Points.
2 months ago
Cisco Flaw Let Attackers Run Command as Root User
A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.
2 months ago
CISA Warns of Cisco ASA & Roundcube Vulnerabilities Exploited in Wild
(CISA has announced the addition of two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
2 months ago
Cisco fixes bug under exploit in brute-force attacks
Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service...
2 months ago
Cisco fixes VPN DoS flaw discovered in password spray attacks
Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April.
2 months ago
Cisco ASA and FTD zero day used in password spraying attacks | Tech...
Another Cisco ASA and FTD vulnerability was disclosed on Wednesday. Organizations are urged to patch as its under active exploitation.
2 months ago
Cisco fixed tens of vulnerabilities, including an actively exploited one
Cisco patched vulnerabilities in ASA, FMC, and FTD products, including one actively exploited in a large-scale brute-force attack campaign.
2 months ago
Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw
Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software.
2 months ago
CVE-2024-20393 Description, Impact and Technical Details
CVE-2024-20393 is a vulnerability affecting Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, which allows an authen…
3 months ago
Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability [CVE-2024-20432]
CVE number = CVE-2024-20432 A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command...
3 months ago
Critical Cisco Expressway Flaw Let Remote Execute Arbitrary Code
Cisco patched the CSRF vulnerabilities identified as CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6).
4 months ago
Hackers target recently disclosed LiteSpeed Cache vulnerability.
Halliburton sustains cyberattack. Chinese threat actor exploited Cisco zero-day.
4 months ago
Zero-day Cisco switch bug being exploited by cyber actors
The flaw, tracked as CVE-2024-20399 with a CVSS score of 6.0, allows attackers with valid admin credentials to bypass the NX-OS command line interface and execute arbitrary commands on the underlying Linux OS.
4 months ago
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
Chinese hackers exploit Cisco switch vulnerability to gain system control and evade detection. Cybersecurity firm uncovers sophisticated espionage cam
4 months ago
Maximum severity Cisco SSM On-Prem vulnerability addressed
Such a vulnerability, tracked as CVE-2024-20419, could be exploited to facilitate web UI or API access and eventually allow the unauthenticated creation of new user passwords, according to Cisco.
5 months ago
Cisco patches vulnerability allowing attackers to change admin passwords
Named CVE-2024-20419, the bug affecting Cisco Smart Software Manager On-Prem carries the maximum possible CVSS rating.
5 months ago
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.
5 months ago
Critical Cisco bug allows crims to change admin passwords
Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1...
5 months ago
Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) - Help Net Security
CVE-2024-20401 enables overwriting files on Cisco Secure Email Gateways, CVE-2024-20419 allows changing account passwords on SSM On-Prem.
5 months ago
Cisco plugs zero-day abused by suspected Chinese cyber spies
Cisco switch owners should probably apply the patch that just dropped for a vulnerability that was exploited in April as a zero-day to install malware on an array of its Nexus switches. On paper,...
6 months ago
Novel Cisco NX-OS zero-day leveraged by Chinese hackers
Chinese state-backed hacking group Velvet Ant targeted Cisco network switches with NX-OS software impacted by the newly discovered zero-day, tracked as CVE-2024-20399, as part of a cyberespionage attack in April, according to The Record, a news site by cybersecurity firm Recorded Future.
6 months ago
Patch Now: Cisco Zero-Day Under Fire From Chinese APT
Threat actor "Velvet Ant" has been exploiting a vulnerability in Cisco's NX-OS Software for managing a variety of switches, executing commands and dropping custom malware.
6 months ago
思科針對網路設備作業系統NX-OS零時差漏洞提出警告,中國駭客Velvet Ant將其用於散布惡意軟體
本週思科公布旗下網路設備作業系統NX-OS的漏洞CVE-2024-20399,並指出已在3個月前出現攻擊行動,通報此事的資安業者Sygnia表示,中國駭客Velvet Ant已將其用於網路間諜活動
6 months ago
Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies
Cisco has patched an NX-OS command injection zero-day exploited by China-linked cyberespionage group Velvet Ant.
6 months ago
Threat Brief: Cisco IOS XE Web UI Privilege Escalation Vulnerability (Updated)
CVE-2023-20198 impacts Cisco IOS XE devices and allows attackers full admin access. Our overview includes attack surface telemetry of potential impact.
7 months ago
Top Cyber Security Informer Penetration Testing Artificial Intelligence Content for Thu.May 23, 2024
Best content around Penetration Testing Artificial Intelligence selected by the Cyber Security Informer community.
7 months ago
Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks
A vulnerability has been identified in the web-based management interface of Cisco FMC Software, potentially allowing authentication.
7 months ago
Multiple Cisco Products Vulnerabilities - Rewterz
Cisco Firepower Management Center Software is vulnerable to SQL injection.
7 months ago
Norway issues warning after ‘important businesses’ affected by Cisco zero-days
The chief of Norway's NSM agency said the pair of zero-day vulnerabilities affecting Cisco IOS XE had created a "very serious" situation for some organizations.
8 months ago
Kroll analysts respond to exploitation of vulnerability within the web user interface (UI) functionality of Cisco IOS XE. Read more.
Kroll analysts respond to exploitation of vulnerability within the web user interface (UI) functionality of Cisco IOS XE. Read more.
8 months ago
Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024 - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days
8 months ago
Cisco Zero-Days Anchor 'ArcaneDoor' Cyber Espionage Campaign
Attacks by a previously unknown state-sponsored actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.
8 months ago
Cisco zero-day flaws in ASA, FTD software under attack | TechTarget
Cisco said two zero-day flaws in its ASA and FTD products were exploited by a nation-state threat actor in a campaign called 'ArcaneDoor.'
8 months ago
ArcaneDoor Exploiting Cisco Zero-Days To Attack Government Networks
Hackers target Cisco zero-days as they can abuse the widely used networking equipment that contains vulnerabilities which means they can affect many systems and networks in one shot.
8 months ago
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) - Help Net Security
Attackers have used two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on government Cisco ASA appliances.
8 months ago
Vulnerability • InfoTech & InfoSec News
CVE-2024-20295: Cisco Integrated Management Controller CLI Command Injection VulnerabilityCisco has released updates to address a critical vulnerability in its Integrated Management Controller, which allows...
8 months ago
Cisco discloses high-severity vulnerability, PoC available | TechTa...
Cisco published a security advisory for the vulnerability tracked as CVE-2024-20295 and urged users to upgrade to fixed versions.
8 months ago
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
Exploiting remote code execution in Cisco's CIMC management system and jailbreaking the device to run untrusted code
8 months ago
Cisco'dan Kritik Zafiyet Uyarısı! - ÇözümPark
Cisco, Integrated Management Controller (IMC)’da tespit edilen ve saldırganlara root yetkiler sağlayan kritik zafiyet için güncelleme yayınlandı. İşin en kötü tarafı zafiyete ait exploit’in public olarak yayınlanmış olması. CVE-2024-20295 olarak izlenen versayılan yapılandırmalarda zafiyet aşağıdaki...
8 months ago
CVE-2024-20328 | AttackerKB
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service ac…
9 months ago
ClamAV Not So Calm [CVE-2024-20328]
A pretty classic command injection vulnerability but in ClamAV. Often seen (in my experience) running on mail-servers to scan incoming email attachments. When a virus is detected `clamd` will execute a command: ``` VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v in %f" ``` Where `...
9 months ago
Cyber Threat Landscape: A Look at Cisco’s CVE-2024-20337 Patch
Unveil the threat of CVE-2024-20337 with Cisco’s Secure Client flaw. Learn how to secure your VPN sessions and protect against potential hijacking.
9 months ago
Cisco Patches VPN Hijacking Bug - Spiceworks
Cisco has released patches for a critical vulnerability that enabled VPN hijacking in its Secure Client software. Find out more.
10 months ago
Understanding CVE-2024-20337: A Deep Dive into Cisco's Latest Patch
The Critical Flaw in Cisco's Secure Client Cisco has taken significant steps to mitigate a high-severity vulnerability in its Secure Client software, identified as CVE-2024-20337. With a CVSS score of 8.2, this flaw allowed for a carriage return line feed (CRLF) injection attack, representing a sop...
10 months ago
Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) - Help Net Security
Cisco has fixed a vulnerability (CVE-2024-20337) in its Secure Client enterprise VPN solution that could reveal users' authentication tokens.
10 months ago
Cisco Duo for Windows Logon and RDP Let Attacker Bypass Authentication
A vulnerability, CVE-2024-20301 identified in Cisco Duo Authentication for Windows Logon and Remote Desktop Protocol (RDP), risk to affected.
10 months ago
No Click Required: PoC Available for ClamAV Command Injection Bug (CVE-2024-20328)
A PoC for CVE-2024-20328, a critical vulnerability in ClamAV, that allows remote code execution, was published
11 months ago
ClamAV Bugs Expose Users to Command Injection (CVE-2024-20328) and DoS Attacks (CVE-2024-20290)
ClamAV's developers issued critical patches addressing two vulnerabilities (CVE-2024-20328 & CVE-2024-20290) within the library
11 months ago