Security News

Cisco commissioned Forrester Consulting to conduct a Total Economic Impact™ study and examine the potential return on investment enterprises may realize by deploying Secure Firewall. The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Secure Firewall on their organizations.

Traditional security architecture focused on a hardened perimeter with a vulnerable interior. Modern security practices focus instead on multiple key control points, such as the network, endpoints, applications, and identities.

Network firewalls are a critical line of defense in securing enterprise networks and protecting their vital data. The rapid transition to cloud infrastructure makes managing networks quite complex and cumbersome, leaving security and information technology teams with the overwhelming task of determining proper restrictions and access.

The most severe of the issues are CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, which impact Cisco Nexus Dashboard for data centers and cloud network infrastructures and could enable an "Unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack." CVE-2022-20857 - Cisco Nexus Dashboard arbitrary command execution vulnerability.

Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root or Administrator privileges. "A successful exploit could allow the attacker to perform actions with Administrator privileges on an affected device," Cisco explains.

Onur Aksoy, the CEO of a group of dozens of companies, was indicted for allegedly selling more than $1 billion worth of counterfeit Cisco network equipment to customers worldwide, including health, military, and government organizations. These devices were sold as new and genuine Cisco products through dozens of Amazon and eBay storefronts to customers across the United States and overseas, some ending up on the networks of hospitals, schools, government, and military orgs.

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks.The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server and "Could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device," the company said in an advisory.

Cisco partnering with GDIT to provide private 5G to government agencies. Cisco has announced today that it has expanded its partnership with General Dynamics Information Technology to bring Cisco private 5G capabilities to a spectrum of government agencies.

Cisco has alerted customers to four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances.

Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication.Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper authentication checks when an affected device uses Lightweight Directory Access Protocol for external authentication.