Cisco

Vulnerabilities

Issued by: Security Week

Impacting the OSPF version 3 (OSPFv3) feature of NX-OS, the first of these issues is tracked as CVE-2022-20823 and could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition. The flaw exists due to incomplete input validation of specific OSPFv3 packets, allowing an attacker to send a malicious OSPFv3 link-state advertisement (LSA) to…

Application Security

Issued by: Dark Reading

Authentication used to be binary: I give you access or I don’t give you access. But with the rise of remote/hybrid work and the growing number of cloud applications in use, organizations need an even more precise approach to authentication, says Ash Devata, vice-president and general manager of Cisco Zero Trust and Duo Security. “Every…

Vulnerabilities

Issued by: Help Net Security

A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers. About the flaw and the exploit Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day…

Vulnerabilities

Issued by: Security Week

Successful exploitation of these vulnerabilities could allow attackers to cause a denial of service (DoS) condition, execute arbitrary commands as root, or elevate privileges. Two high-severity issues (CVE-2021-34779, CVE-2021-34780) were found in the Link Layer Discovery Protocol (LLDP) implementation for Small Business 220 series smart switches, leading to the execution of arbitrary code and a…

Vulnerabilities

Issued by: Security Week

The affected tool is R-SeeNet, which is designed to help network administrators monitor their Advantech routers. Talos researchers discovered that R-SeeNet is affected by seven vulnerabilities, a majority of which have been assigned a critical severity rating. An attacker can exploit the vulnerabilities to execute arbitrary JavaScript code in the targeted user’s browser by getting…

Vulnerabilities

Issued by: Security Week

Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others also released PoC exploits shortly after. CVE-2020-3580 is one of the several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products. Some of these flaws were reported…

Malware & Threats

Issued by: Security Week

Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. Smart Install can be very useful for organizations, but it can also pose a serious security risk. Once a device has been set up through Smart Install, the feature remains enabled and it can be accessed without…

Vulnerabilities

Issued by: Security Week

SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple’s own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them. One of the security holes was fixed silently by Apple, one was…

Software Security

Issued by: Dark Reading

Cisco today confirmed plans to acquire Kenna Security, provider of vulnerability management technology, with plans to integrate its capabilities into the SecureX platform. Kenna Security’s technology uses machine learning to analyze threat data and identify which risks organizations should prioritize – a useful technology to have at a time when organizations are struggling with a…