Cisco Vulnerability

Multiple Cisco Vulnerabilities Threat Alert-1

December 14, 2020


On November 18, 2020 (local time), Cisco released security advisories fixing vulnerabilities in multiple products. These vulnerabilities include three high-risk ones: CVE-2020-3531, CVE-2020-3586, and CVE-2020-3470.

Reference link:

Cisco SD-WAN High-Risk Vulnerabilities (CVE-2020-3374, CVE-2020-3375) Threat Alert

August 28, 2020


Recently, Cisco announced that it has fixed two high-risk vulnerabilities, one in Cisco SD-WAN vManage Software (CVE-2020-3374) and one in SD-WAN Solution Software (CVE-2020-3375).

Cisco SD-WAN is a secure cloud-scale architecture with openness, programmability, and scalability. Through the Cisco vManage console, you can quickly establish SD-WAN coverage structures to connect data centers, branch offices, campuses, and colocation facilities to improve network speed, security, and efficiency.


Cisco Aironet Access Points Unauthorized Access Vulnerability Threat Alert

November 4, 2019


On October 17, local time, Cisco issued a security notice stating that it had fixed an unauthorized access vulnerability in Aironet Access Points (APs). The vulnerability stems from certain URLs not being filtered. An attacker can obtain access rights to the device by constructing a malicious URL and sending it to the affected AP to trigger the vulnerability. The attacker can then modify multiple configuration data of the AP and cause a denial of service.

Cisco Small Business 220 Series Smart Switches Multiple Vulnerabilities Threat Alert

August 14, 2019


On August 6, 2019, local time, Cisco released security advisories on remediation of three vulnerabilities in Small Business 220 Series Smart Switches, including two critical ones, one of which has a CVSS 3.0 score as high as 9.8.

Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability Threat Alert

May 17, 2019


Cisco has released a security advisory announcing a REST API authentication bypass vulnerability (CVE-2019-1867) in Cisco Elastic Services Controller (ESC). This vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow an unauthenticated, remote attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

Cisco IOS XR 64-Bit Critical Vulnerability (CVE-2019-1710) Threat Alert

May 2, 2019


Cisco has released a security advisory to announce the fix of a vulnerability (CVE-2019-1710) in Cisco IOS XR 64-bit Software running on Cisco ASR 9000 Series Aggregation Services Routers. This vulnerability is the result of incorrect isolation of the secondary management interface from internal sysadmin applications. An unauthenticated attacker could exploit this vulnerability to log in to an affected device remotely or cause a denial of service.

Cisco Common Service Platform Collector Default Password Vulnerability (CVE-2019-1723) Threat Alert

April 29, 2019


Cisco has released a security advisory announcing a fix for a vulnerability (CVE-2019-1723) in the Cisco Common Service Platform Collector (CSPC).

This vulnerability exists because the affected software has a default account with a fixed password. An attacker could exploit this vulnerability to remotely access an affected device by using this account. This account does not have administrative privileges.

