Security News
Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller that could be abused by an unauthenticated, remote attacker to take control of an affected system. "An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials."
Cisco has released a security advisory to warn about a critical vulnerability, tracked as CVE-2022-20695, impacting the Wireless LAN Controller software. According to Cisco's advisory, the products affected by this flaw are those that run Cisco WLC Software 8.10.151.0 or Release 8.10.162.0 and have "Macfilter radius compatibility" configured as "Other."
Boffins at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones - and that these apps have the ability to access audio data when muted, or actually do so. One app transmits statistics of the audio to its telemetry servers while the app is muted.
Cisco has joined the growing list of security and technology companies that no longer offer services in Russia after their invasion of Ukraine. Software companies are pulling out of Russia and ramping up their support to Ukraine in various ways.
Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. "These vulnerabilities were found during internal security testing by Jason Crowder of the Cisco Advanced Security Initiatives Group," the company noted in its advisory published Wednesday.
Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650, which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data.
Cisco has warned users of its Firepower firewalls - physical and virtual - that they may need to upgrade their kit within a four-day window or miss out on security intelligence updates. A Monday Field Notice advised that the SSL certificate authority used to sign certificates for Talos security intelligence updates will be decommissioned and replaced on March 6, 2022.
Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance that could result in a denial-of-service condition on an affected device. The weakness, assigned the identifier CVE-2022-20653, stems from a case of insufficient error handling in DNS name resolution that could be abused by an unauthenticated, remote attacker to send a specially crafted email message and cause a DoS. "A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition," the company said in an advisory.
Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages. The security flaw was found in DNS-based Authentication of Named Entities, a Cisco AsyncOS Software component used by Cisco Secure Email to check emails for spam, phishing, malware, and other threats.