Security News
![Cisco Patches Critical Flaw After PoC Exploit Code Release](/static/build/img/news/cisco-patches-critical-flaw-after-poc-exploit-code-release.jpg)
A day after proof-of-concept exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. PoC exploits for the flaw - as well as 11 other issues in Cisco Security Manager - were published online Monday by security researcher Florian Hauser.
![Cisco Patches Publicly Disclosed Vulnerabilities in Security Manager](/static/build/img/news/alt/hackers-statistics-small.jpg)
Cisco this week released advisories for three serious vulnerabilities in Security Manager that already have proof-of-concept exploit code available online. Cisco says that there are no workarounds available for this vulnerability but that Cisco Security Manager 4.22 addresses it.
![Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs](/static/build/img/news/alt/managed-security-small.jpg)
Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system. Those are part of a batch of twelve vulnerabilities flagged in July 2020 by Florian Hauser, a security researcher and red teamer at Code White.
![Researcher Discloses Critical RCE Flaws In Cisco Security Manager](/static/build/img/news/researcher-discloses-critical-rce-flaws-in-cisco-security-manager.jpg)
Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The flaws were responsibly reported to Cisco's Product Security Incident Response Team three months ago, on July 13.
![High-Severity Cisco DoS Flaw Can Immobilize ASR Routers](/static/build/img/news/high-severity-cisco-dos-flaw-can-immobilize-asr-routers.jpg)
A high-severity flaw in Cisco's IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers. The flaw stems from Cisco IOS XR, a train of Cisco Systems' widely deployed Internetworking Operating System.
![Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched](/static/build/img/news/cisco-zero-day-in-anyconnect-secure-mobility-client-remains-unpatched.jpg)
Cisco has disclosed a zero-day vulnerability - for which there is not yet a patch - in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. "Cisco plans to fix this vulnerability in a future release of Cisco AnyConnect Secure Mobility Client Software."
![Cisco Working on Patch for Code Execution Vulnerability in VPN Product](/static/build/img/news/alt/antivirus-stats-small.jpg)
Cisco informed customers on Wednesday that it's working on a patch for a code execution vulnerability affecting its AnyConnect product. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script.
![Cisco discloses AnyConnect VPN zero-day, exploit code available](/static/build/img/news/alt/web-statistics-3-small.jpg)
Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available. While security updates are not yet available for this arbitrary code execution vulnerability, Cisco is working on addressing the zero-day, with a fix coming in a future AnyConnect client release.
![Cisco Patches 17 High-Severity Vulnerabilities in Security Appliances](/static/build/img/news/alt/hackers-statistics-small.jpg)
Cisco on Wednesday announced the release of patches for 17 high-severity vulnerabilities in its security appliances as part of its Security Advisory Bundled Publication for October 2020. The vulnerabilities have been found to impact Adaptive Security Appliance, Firepower Threat Defense, and Firepower Management Center.
![Cisco Warns of Severe DoS Flaws in Network Security Software](/static/build/img/news/cisco-warns-of-severe-dos-flaws-in-network-security-software-small.jpg)
"The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory," according to Cisco in an update released on Wednesday. The most severe of these flaws includes a vulnerability in Cisco Firepower Chassis Manager, which exists in the Firepower Extensible Operating System and provides management capabilities.