Cisco addressed a critical severity vulnerability in the Cisco Secure Email Gateway. Tracked as CVE-2024-20401, the vulnerability may allow an attacker to replace any file on the underlying file system.
Tag: Cisco
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Vulnerabilities Exploited in the Wild (CVE-2024-20353 & CVE-2024-20359)
Cisco released software updates to address two actively exploited vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software (CVE-2024-20353 & CVE-2024-20359). Successful exploitation of the vulnerabilities may result in remote code execution and denial of service (DoS) conditions. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, acknowledging … Continue reading “Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Vulnerabilities Exploited in the Wild (CVE-2024-20353 & CVE-2024-20359)”
Cisco Firepower Management Center (FMC) Software Command Injection Vulnerability (CVE-2023-20048)
Cisco has released software updates to address a command injection vulnerability in the Firepower Management Center (FMC). Tracked as CVE-2023-20048, the vulnerability has been given a critical severity rating with a CVSS base score of 9.9. Successful exploitation of the vulnerability may allow an attacker to execute specific unauthorized configuration commands on a Firepower Threat … Continue reading “Cisco Firepower Management Center (FMC) Software Command Injection Vulnerability (CVE-2023-20048)”
Cisco Patches Multiple Security Vulnerabilities in Catalyst SD-WAN Manager (CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262)
Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, is vulnerable to multiple vulnerabilities. The vulnerabilities are tracked as CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262, which have medium, high, and critical severities Successful exploitation of the vulnerabilities may allow an attacker to access an affected instance or cause a denial of service (DoS) condition.
CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)
CISA has added a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software to its Known Exploited Vulnerabilities Catalog. The addition of the vulnerability to CISA KEV is the acknowledgment of active exploitation of the vulnerability. CISA has requested users to patch the vulnerability before October 4, 2023. Ransomware groups are exploiting … Continue reading “CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)”
Cisco Releases Patch for SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)
The Cisco TAC support team has discovered a critical vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software. CVE-2023-20214 allows an unauthenticated attacker to retrieve information and send data to the configuration of the affected Cisco vManage instance. The Cisco SD-WAN Solution provides an advanced, software-based solution that lowers … Continue reading “Cisco Releases Patch for SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)”
Cisco Patched Multiple Vulnerabilities in IP Phone 6800, 7800, 7900, and 8800 Series (CVE-2023-20078 & CVE-2023-20079)
Cisco has released a security advisory to address two critical vulnerabilities in its IP Phone 6800, 7800, 7900, and 8800 Series Web UI. CVE-2023-20078 may allow an unauthenticated, remote attacker to inject arbitrary commands executed with root privileges. CVE-2023-20079 may allow an unauthenticated, remote attacker to reload the affected device, resulting in a … Continue reading “Cisco Patched Multiple Vulnerabilities in IP Phone 6800, 7800, 7900, and 8800 Series (CVE-2023-20078 & CVE-2023-20079)”
Cisco EoL Small Business VPN Routers Multiple Vulnerabilities (CVE-2023-20025 & CVE-2023-20026)
Cisco released a security advisory to address critical severity vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers (CVE-2023-20025 & CVE-2023-20026). On successful exploitation, these vulnerabilities could allow a remote attacker to bypass authentication or execute arbitrary commands on affected devices. Hou Liuyang of Qihoo 360 Netlab … Continue reading “Cisco EoL Small Business VPN Routers Multiple Vulnerabilities (CVE-2023-20025 & CVE-2023-20026)”
Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development Kit
Cisco has released multiple security advisories addressing high severity vulnerabilities in the Webex Meeting app (CVE-2022-20863), SD-WAN vManage (CVE-2022-20696), and RV series VPN routers (CVE-2022-20923). The patches include a fix for a vulnerability related to the NVIDIA Data Plane Development Kit (CVE-2022-28199). As per Cisco’s advisory regarding CVE-2022-20923, the organization “Cisco has not released … Continue reading “Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development Kit”
Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)
Cisco has released a security advisory addressing multiple vulnerabilities affecting Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. The vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842) are rated with high and critical severity and assigned a base CVSS base score between 8.3-9.8. These vulnerabilities could allow unauthenticated, remote attackers to execute arbitrary code and trigger … Continue reading “Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)”