Security News

Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers
2022-07-21 11:32

The most severe of the issues are CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, which impact Cisco Nexus Dashboard for data centers and cloud network infrastructures and could enable an "Unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack." CVE-2022-20857 - Cisco Nexus Dashboard arbitrary command execution vulnerability.

Cisco fixes bug that lets attackers execute commands as root
2022-07-20 17:49

Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root or Administrator privileges. "A successful exploit could allow the attacker to perform actions with Administrator privileges on an affected device," Cisco explains.

CEO charged with sale of counterfeit Cisco devices to govt, health orgs
2022-07-08 18:41

Onur Aksoy, the CEO of a group of dozens of companies, was indicted for allegedly selling more than $1 billion worth of counterfeit Cisco network equipment to customers worldwide, including health, military, and government organizations. These devices were sold as new and genuine Cisco products through dozens of Amazon and eBay storefronts to customers across the United States and overseas, some ending up on the networks of hospitals, schools, government, and military orgs.

Cisco and Fortinet Release Security Patches for Multiple Products
2022-07-07 04:45

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server and "Could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device," the company said in an advisory.

Cisco partnering with GDIT to provide private 5G to government agencies
2022-06-28 14:58

Cisco has announced today that it has expanded its partnership with General Dynamics Information Technology to bring Cisco private 5G capabilities to a spectrum of government agencies.

Cisco warns of security holes in its security appliances
2022-06-22 20:16

Cisco has alerted customers to four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances.

Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication
2022-06-19 22:11

Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication. Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper authentication checks when an affected device uses Lightweight Directory Access Protocol for external authentication.

Cisco says it won’t fix zero-day RCE in end-of-life VPN routers
2022-06-17 17:13

Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. According to a Cisco security advisory, the flaw exists due to insufficient user input validation of incoming HTTP packets on the impacted devices.

Cisco Secure Email bug can let attackers bypass authentication
2022-06-15 18:24

Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and log in to the web management interface of Cisco email gateway appliances with non-default configurations. The security flaw was found in the external authentication functionality of virtual and hardware Cisco Email Security Appliance and Cisco Secure Email and Web Manager appliances.

Cisco EVP: We need to lift everyone above the cybersecurity poverty line
2022-06-06 22:50

Establishing some level of cybersecurity measures across all organizations will soon reach human-rights issue status, according to Jeetu Patel, Cisco EVP for security and collaboration. "It's our civic duty to ensure that everyone below the security poverty line has a level of safety, because it's gonna eventually get to be a human-rights issue," Patel told The Register, in an exclusive interview ahead of his RSA Conference keynote.