Security News
Cisco has flagged and patched several high-severity security vulnerabilities in its Cisco Small Business 220 Series Smart Switches that could allow session hijacking, arbitrary code execution, cross-site scripting and HTML injection. Finally, CVE-2021-1571 could allow an unauthenticated, remote attacker to conduct an HTML injection attack.
Cisco announced a new portfolio of Catalyst industrial routers to extend the power of the enterprise network to the edge with the flexibility, security and scalability needed for IoT success. Three new Catalyst 5G Industrial Routers to securely connect mobile and fixed assets: These new routers are based on Cisco IOS XE to extend the enterprise network and SD-WAN to the edge.
The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution with elevated privileges, researchers said. Armed with these credentials, Rapid7 was then able to successfully bypass the restricted shell menu environment using CVE-2021-31580/81.
Cisco unveiled an all-new Webex Suite with innovations to serve as the foundation for inclusive hybrid work and events, delivering unmatched levels of flexibility and personalization for everyone. "The all-new Webex Suite ensures everyone in a hybrid workforce has equal opportunity and voice."
Cisco's Smart Install protocol is still being abused in attacks - five years after the networking giant issued its first warning - and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers. Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches.
Cisco and AT&T are making it easier for businesses to adapt to the future of work, whatever it may be. "Our Webex solutions transformed the cloud calling experience and combine enterprise-calling features with market-leading virtual meetings and collaboration technology - all within the Webex App. And we're proud to work with AT&T to provide its customers and employees with the tools and technologies they require to thrive in the new hybrid workplace."
NS1 announced that its DNS, DHCP, and IP address management platform can now be hosted on Cisco Catalyst 9300 and 9400 Series switches to deliver faster, more scalable network services with lower cost by leveraging the network hardware already in place. By hosting NS1 Enterprise DDI on the industry's most widely deployed family of switches, customers can use their existing Cisco Catalyst infrastructure for edge deployments with improved scalability, redundancy, and performance optimization across distributed environments.
Enterprise security vendor Cisco has shipped fixes for vulnerabilities across a wide range of severities, including patches for high-risk flaws in the widely deployed Webex Player, SD-WAN software, and ASR 5000 series software. A total of three high-severity vulnerabilities were patched in Webex Player for Windows and macOS, two of which also affect the Webex Network Recording Player for those operating systems.
Cisco's Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system. Apple's own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them.
A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions. The vulnerability, tracked as CVE-2021-28091, was initially reported to Akamai as it was discovered in the company's Enterprise Application Access product, which uses Lasso to verify SAML assertions for applications when a customer configures SAML authentication with third-party identity providers.