Security News

Once they have meeting access, an attacker could exploit the flaw by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. It affected all Cisco Webex Meetings sites prior to November 17, 2020; and all Cisco Webex Meetings apps releases 40.10.9 and earlier for iOS and Android.

Cisco has fixed today three Webex Meetings security vulnerabilities that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. The three bugs also enabled attackers to remain in the Webex meeting and maintain a bidirectional audio connection even after admins would remove them and access Webex users' information like email addresses and IP addresses from the meeting room lobby.

A day after proof-of-concept exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. PoC exploits for the flaw - as well as 11 other issues in Cisco Security Manager - were published online Monday by security researcher Florian Hauser.

Cisco this week released advisories for three serious vulnerabilities in Security Manager that already have proof-of-concept exploit code available online. Cisco says that there are no workarounds available for this vulnerability but that Cisco Security Manager 4.22 addresses is.

Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system. Those are part of a batch of twelve vulnerabilities flagged in July 2020 by Florian Hauser, a security researcher and red teamer at Code White.

Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The flaws were responsibly reported to Cisco's Product Security Incident Response Team three months ago, on July 13.

A high-severity flaw in Cisco's IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers. The flaw stems from Cisco IOS XR, a train of Cisco Systems' widely deployed Internetworking Operating System.

Cisco has disclosed a zero-day vulnerability - for which there is not yet a patch - in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. "Cisco plans to fix this vulnerability in a future release of Cisco AnyConnect Secure Mobility Client Software."

Cisco informed customers on Wednesday that it's working on a patch for a code execution vulnerability affecting its AnyConnect product. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script.

Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available. While security updates are not yet available for this arbitrary code execution vulnerability, Cisco is working on addressing the zero-day, with a fix coming in a future AnyConnect client release.