Security News

Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC
2021-06-11 21:09

The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution with elevated privileges, researchers said. Armed with these credentials, Rapid7 was then able to successfully bypass the restricted shell menu environment using CVE-2021-31580/81.

Cisco Webex innovations deliver flexibility and personalization for the hybrid workforce
2021-06-10 01:15

Cisco unveiled an all-new Webex Suite with innovations to serve as the foundation for inclusive hybrid work and events, delivering unmatched levels of flexibility and personalization for everyone. "The all-new Webex Suite ensures everyone in a hybrid workforce has equal opportunity and voice."

Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning
2021-06-09 15:09

Cisco's Smart Install protocol is still being abused in attacks - five years after the networking giant issued its first warning - and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers. Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches.

Cisco and AT&T provide tools and technologies for a hybrid office future
2021-06-06 23:30

Cisco and AT&T are making it easier for businesses to adapt to the future of work, whatever it may be. "Our Webex solutions transformed the cloud calling experience and combine enterprise-calling features with market-leading virtual meetings and collaboration technology - all within the Webex App. And we're proud to work with AT&T to provide its customers and employees with the tools and technologies they require to thrive in the new hybrid workplace."

NS1 DDI platform now hosted on Cisco Catalyst 9300 and 9400 Series switches
2021-06-04 23:30

NS1 announced that its DNS, DHCP, and IP address management platform can now be hosted on Cisco Catalyst 9300 and 9400 Series switches to deliver faster, more scalable network services with lower cost by leveraging the network hardware already in place. By hosting NS1 Enterprise DDI on the industry's most widely deployed family of switches, customers can use their existing Cisco Catalyst infrastructure for edge deployments with improved scalability, redundancy, and performance optimization across distributed environments.

Cisco Plugs High-Risk Security Flaws in Webex, SD-WAN
2021-06-03 17:05

Enterprise security vendor Cisco has shipped fixes for vulnerabilities across a wide range of severities, including patches for high-risk flaws in the widely deployed Webex Player, SD-WAN software, and ASR 5000 series software. A total of three high-severity vulnerabilities were patched in Webex Player for Windows and macOS, two of which also affect the Webex Network Recording Player for those operating systems.

Cisco Discloses Details of macOS SMB Vulnerabilities
2021-06-02 15:24

Cisco's Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system. Apple's own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them.

Vulnerability in Lasso Library Impacts Products From Cisco, Akamai
2021-06-02 12:06

A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions. The vulnerability, tracked as CVE-2021-28091, was initially reported to Akamai as it was discovered in the company's Enterprise Application Access product, which uses Lasso to verify SAML assertions for applications when a customer configures SAML authentication with third-party identity providers.

Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure
2021-05-14 13:29

Cisco this week announced the availability of patches for a high-severity vulnerability in AnyConnect Secure Mobility Client that could be exploited for code execution. Initially disclosed in November 2020, the flaw affects the interprocess communication channel of the secure VPN application and could be abused by a local attacker to cause an AnyConnect user to run a malicious script.

Cisco to Acquire Vulnerability Management Firm Kenna Security
2021-05-14 12:45

Networking giant Cisco said Friday that it has agreed to acquire Kenna Security, a privately held cybersecurity company focused on vulnerability management technology. Santa Clara, Calif.-based Kenna provides a risk-based vulnerability management platform that helps organizations identify and determine which vulnerabilities pose the highest risk so that security teams don't waste valuable time on weaknesses that are unlikely to be exploited.