The first of the high-severity bugs, CVE-2024-20321, exists because External Border Gateway Protocol (eBGP) traffic “is mapped to a shared hardware rate-limiter queue”, allowing an unauthenticated, remote attacker to send large amounts of traffic and cause a denial-of-service (DoS) condition. According to Cisco, under certain conditions, the security defect impacts Nexus 3600 series switches and…

Cisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging administrators to deploy the available patches because “a cyber threat actor could…

Cisco on Monday asked customers to urgently disable the HTTP Server feature on internet-facing systems that was discovered to have a critical vulnerability in its modular operating system’s web interface. Hackers exploited the IOS XE software web user interface feature to gain administrator-level privileges, effectively taking complete control of compromised devices, Cisco Talos said in…

Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases. The vulnerability can be exploited by an attacker to gain administrator privileges and take…

Cisco’s massive $28 billion acquisition of Splunk in September was the financial highlight of a quarter during which several other vendors also made strategic purchases to position themselves for emerging enterprise requirements around cloud, application, and identity security. The acquisitions added to a better-than-expected quarter ended Sept. 30, 2023, with venture funding also picking up…

Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers’ location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder tracking and routing software, opening up a permanent backdoor for potential unauthenticated attackers. At some point in the development cycle, static user credentials for…

Cisco patched authentication, privilege escalation, and denial-of-service vulnerabilities this week in several of its products, including one that’s used for identifying the location of 9-1-1 emergency callers. The flaw in Cisco Emergency Responder is caused by the presence of default static credentials for the root account that were used during development but were never removed….

It turns out SIEM isn’t on life support after all. Cisco is providing 28 billion reasons to believe enterprises aren’t scrapping the security operations center staple anytime soon. Rivals with other types of security technology have attempted to write SIEM’s obituary for years. In December 2022, Palo Alto Networks CEO Nikesh Arora said, “I feel…