Security News

This is the next important step in Cisco's journey to radically simplify security and networking by helping network operations and security operations teams securely connect users to applications. Cisco introduces the ability to purchase all core SASE product components in a single offer with the flexibility to easily transition to a single subscription service in the future, enabling organizations to start using Cisco's integrated architecture immediately.

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "Attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service condition," the networking major said in an advisory. In order to do this, an attacker needs to be authenticated to an Extensible Messaging and Presence Protocol server running the vulnerable software, as well as be able to send XMPP messages.

Cisco has addressed a critical arbitrary program execution vulnerability impacting several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol. The vulnerability does not affect Cisco Jabber client software configured for Team Messaging or Phone-only modes.

A popular line of small business routers made by Cisco Systems are vulnerable to a high-severity vulnerability. Cisco issued fixes on Wednesday for the flaw in its RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers.

Tufin announced the release of the Policy Change Automation app for Cisco ACI, further advancing Tufin's leadership in security policy automation in Software Defined Networking environments. While automation solutions for ACI avoid manual errors and make change requests more efficient, they must accommodate a wide variety of possible implementations, deploying the right ACI contracts and relevant firewall rule changes.

Cisco announced the appointment of Marianna Tessel to its board of directors. "We are excited to welcome Marianna to the Cisco Board," said Chuck Robbins, chairman and CEO, Cisco.

Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service attacks due to a vulnerability in the Snort detection engine. Cisco says the vulnerability is in the Ethernet Frame Decoder component of Snort.

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure Multi-Site Orchestrator that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. Separately, the company also patched multiple flaws in Cisco Application Services Engine that could grant a remote attacker to access a privileged service or specific APIs, resulting in capabilities to run containers or invoke host-level operations, and learn "Device-specific information, create tech support files in an isolated volume, and make limited configuration changes."

Cisco this week released patches for over a dozen vulnerabilities affecting multiple products, including three critical bugs impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Also featuring a CVSS score of 9.8, the third critical flaw that Cisco patched this week affects Nexus 3000 and Nexus 9000 series switches.

A critical vulnerability in Cisco Systems' intersite policy manager software could allow a remote attacker to bypass authentication. The flaw stems from improper token validation on an API endpoint in Cisco's ACI MSO. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller devices," said Cisco on Wednesday.