Cisco

Multiple Cisco Vulnerabilities Threat Alert 2020

August 4, 2020

Overview

On July 15, 2020 local time, Cisco released security advisories to address vulnerabilities across multiple products, including five Critical vulnerabilities with a CVSS base score of 9.8 (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144, CVE-2020-3331, and CVE-2020-3140).

Reference link:

https://tools.cisco.com/security/center/publicationListing.x
(more…)

Cisco Unified Contact Center Express (Unified CCX) Deserialization Code Execution Vulnerability (CVE-2020-3280) Threat Alert

June 2, 2020

Overview

Recently, Cisco officially released a security advisory, announcing the fix of a high-risk vulnerability (CVE-2020-3280) in Unified Contact Center Express (Unified CCX). The vulnerability stems from the fact that during the deserialization operation of the software, the input provided by the user is not sufficiently restricted. The attacker can send a malicious Java object to trigger the vulnerability without authorization to execute arbitrary code.

CVSS3.0 Base Score: 9.8

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

(more…)

Cisco Discovery Protocol Vulnerabilities Threat Alert

February 19, 2020

Overview

On February 6, 2020, Beijing time, Cisco fixed five high-risk vulnerabilities in the Cisco Discovery Protocol (CDP) in new versions. The CDP protocol allows Cisco devices to share information in the intranet via multicast messages. These vulnerabilities affect VoIP (Voice over Internet Protocol) phones and cameras. (more…)

Cisco Data Center Network Manager (DCNM) authentication bypass vulnerability Security Alert

January 21, 2020

Overview

Multiple vulnerabilities in the authentication mechanism of Cisco Data Center Network Manager (dcnm) (cve-2019-15975, cve-2019-15976, cve-2019-15977) may allow unauthorized remote attackers to bypass authentication and perform arbitrary operations with administrative privileges on the affected devices. (more…)

Multiple Cisco Products Contain Critical Vulnerabilities Threat Alert

September 20, 2019

Overview

On August 21, 2019, local time, Cisco officially released multiple security advisories, announcing remediation of critical vulnerabilities in a number of products. These vulnerabilities include authentication bypass and remote code execution vulnerabilities and the most critical one gets a CVSS score of 9.8. (more…)

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability (CVE-2019-12643) Threat Alert

September 13, 2019

Overview

On August 28, 2019, local time, Cisco released a security advisory, announcing remediation of an authentication bypass vulnerability (CVE-2019-12643) in the Cisco REST API virtual service container for Cisco IOS XE Software. (more…)

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities Threat Alert

May 31, 2019

Overview

On May 15, 2019, local time, Cisco officially released a security advisory, announcing remediation of three critical remote code execution vulnerabilities (CVE-2019-1821, CVE-2019-1822, and CVE-2019-1823) in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPN). (more…)

Cisco RV110W, RV130W, and RV215W Routers Web-based Management Interface Remote Code Execution Vulnerability Threat Alert

March 25, 2019

Overview

On February 27 (local time), Cisco officially released a security advisory to announce a critical security vulnerability (CVE-2019-1663) in Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. This vulnerability exists in the web-based management interface of the preceding products, which fails to properly validate user-supplied data. (more…)