Security News

Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service condition on vulnerable devices. The most severe of the issues is CVE-2021-34770, which Cisco calls a "Logic error" that occurs during the processing of CAPWAP packets that enable a central wireless Controller to manage a group of wireless access points.

Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software that could be exploited by an attacker to take control of an affected system. The network equipment maker said it's aware of a publicly available proof-of-concept exploit code targeting the vulnerability, but added it's not detected any successful weaponization attempts in the wild.

A critical vulnerability that affects Cisco Enterprise NFV Infrastructure Software has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already available. The bug could be exploited by remote attackers to bypass authentication and log in to an affected device as an administrator.

Cisco has patched a near-max critical bug in its NFVIS software for which there's a publicly available proof-of-concept exploit. On Wednesday, Cisco released patches for the flaw - an authentication bypass vulnerability in Enterprise NFV Infrastructure Software that's tracked as CVE-2021-34746.

Cisco has addressed an almost maximum severity authentication bypass Enterprise NFV Infrastructure Software vulnerability with public proof-of-concept exploit code.CVE-2021-34746 is caused by incomplete validation of user-supplied input passed to an authentication script during the sign-in process which allows unauthenticated, remote attackers to log into unpatched device as an administrator.

Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. " A successful exploit could allow the attacker to read or write arbitrary files on an affected device," the company said in an advisory.

Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. " A successful exploit could allow the attacker to read or write arbitrary files on an affected device," the company said in an advisory.

Cisco Systems released six security patches tied to its high-end 9000 series networking gear ranging in importance from critical, high and medium severity. The most serious of the bugs patched by Cisco could allow a remote and unauthenticated adversary to read or write arbitrary files on to an application protocol interface used in Cisco 9000 series switches designed to manage its software-defined networking data center solution.

A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. "The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers."

A critical security vulnerability in Cisco Small Business Routers allows remote code execution and denial of service. The bug is one of six addressed by Cisco this week; it also issued an advisory for the critical BlackBerry QNX-2021-001 vulnerability unveiled earlier this week, which affects multiple vendors, well beyond Cisco.