Cisco has released software updates to address a command injection vulnerability in the Firepower Management Center (FMC). Tracked as CVE-2023-20048, the vulnerability has been given a critical severity rating with a CVSS base score of 9.9. Successful exploitation of the vulnerability may allow an attacker to execute specific unauthorized configuration commands on a Firepower Threat … Continue reading “Cisco Firepower Management Center (FMC) Software Command Injection Vulnerability (CVE-2023-20048)”
Tag: Cisco
Cisco Patches Multiple Security Vulnerabilities in Catalyst SD-WAN Manager (CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262)
Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, is vulnerable to multiple vulnerabilities. The vulnerabilities are tracked as CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262, which have medium, high, and critical severities Successful exploitation of the vulnerabilities may allow an attacker to access an affected instance or cause a denial of service (DoS) condition.
CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)
CISA has added a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software to its Known Exploited Vulnerabilities Catalog. The addition of the vulnerability to CISA KEV is the acknowledgment of active exploitation of the vulnerability. CISA has requested users to patch the vulnerability before October 4, 2023. Ransomware groups are exploiting … Continue reading “CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)”
Cisco Releases Patch for SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)
The Cisco TAC support team has discovered a critical vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software. CVE-2023-20214 allows an unauthenticated attacker to retrieve information and send data to the configuration of the affected Cisco vManage instance. The Cisco SD-WAN Solution provides an advanced, software-based solution that lowers … Continue reading “Cisco Releases Patch for SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)”
Cisco Patched Multiple Vulnerabilities in IP Phone 6800, 7800, 7900, and 8800 Series (CVE-2023-20078 & CVE-2023-20079)
Cisco has released a security advisory to address two critical vulnerabilities in its IP Phone 6800, 7800, 7900, and 8800 Series Web UI. CVE-2023-20078 may allow an unauthenticated, remote attacker to inject arbitrary commands executed with root privileges. CVE-2023-20079 may allow an unauthenticated, remote attacker to reload the affected device, resulting in a … Continue reading “Cisco Patched Multiple Vulnerabilities in IP Phone 6800, 7800, 7900, and 8800 Series (CVE-2023-20078 & CVE-2023-20079)”
Cisco EoL Small Business VPN Routers Multiple Vulnerabilities (CVE-2023-20025 & CVE-2023-20026)
Cisco released a security advisory to address critical severity vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers (CVE-2023-20025 & CVE-2023-20026). On successful exploitation, these vulnerabilities could allow a remote attacker to bypass authentication or execute arbitrary commands on affected devices. Hou Liuyang of Qihoo 360 Netlab … Continue reading “Cisco EoL Small Business VPN Routers Multiple Vulnerabilities (CVE-2023-20025 & CVE-2023-20026)”
Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development Kit
Cisco has released multiple security advisories addressing high severity vulnerabilities in the Webex Meeting app (CVE-2022-20863), SD-WAN vManage (CVE-2022-20696), and RV series VPN routers (CVE-2022-20923). The patches include a fix for a vulnerability related to the NVIDIA Data Plane Development Kit (CVE-2022-28199). As per Cisco’s advisory regarding CVE-2022-20923, the organization “Cisco has not released … Continue reading “Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development Kit”
Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)
Cisco has released a security advisory addressing multiple vulnerabilities affecting Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. The vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842) are rated with high and critical severity and assigned a base CVSS base score between 8.3-9.8. These vulnerabilities could allow unauthenticated, remote attackers to execute arbitrary code and trigger … Continue reading “Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)”
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)
Cisco has released patches for multiple vulnerabilities in Cisco Nexus Dashboard (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861). The vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. These vulnerabilities were discovered during internal security testing by Michael J Davenport of the … Continue reading “Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)”
Cisco Expressway Series and TelePresence Video Communication Server Vulnerabilities (CVE-2022-20812 and CVE-2022-20813)
Cisco patched two critical vulnerabilities in Expressway and TelePresence Video Communication Server. Tracked as CVE-2022-20812 and CVE-2022-20813, the vulnerabilities could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. The vulnerabilities exist in the API and the web-based management interface of Cisco Expressway Series and TelePresence … Continue reading “Cisco Expressway Series and TelePresence Video Communication Server Vulnerabilities (CVE-2022-20812 and CVE-2022-20813)”