Security News

Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco's NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

Cisco patched a critical flaw in its wide area network software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services, which is software that Cisco describes as a "WAN optimization solution." It helps manage business applications that are being leveraged in virtual private cloud infrastructure.

Cisco informed customers on Wednesday that it has patched a critical default credentials vulnerability affecting some configurations of its ENCS 5400-W series and CSP 5000-W series appliances. The Cisco Cloud Services Platform for WAAS is a hardware platform designed for the deployment of datacenter network function virtualization, and the Cisco Enterprise Network Compute System is a hybrid platform for branch deployment and for hosting WAAS applications.

Cisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers to launch DoS attacks against its popular small business switches. Cisco is warning of a high-severity flaw that could allow remote, unauthenticated attackers to cripple several of its popular small-business switches with denial of service attacks.

Cisco customers once again find themselves needing to patch critical vulnerabilities in Switchzilla's gear. The equipment maker has emitted fixes or updates for multiple CVE-listed vulnerabilities in the Treck IP stack, Data Center Network Manager, and SD-WAN. Those patches should be applied ASAP. A high-rated path traversal vulnerability was patched in the Adaptive Security Appliance and Firepower Threat Defense software.

Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager and the Cisco SD-WAN Solution software. Cisco Data Center Network Manager is the network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking deployments for the Cisco Nexus-powered data center.

Cisco informed customers on Wednesday that it has patched critical and high-severity vulnerabilities in its Data Center Network Manager network management platform. "The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges," Cisco explained.

Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager for managing network platforms and switches. DCNM is a platform for managing Cisco data centers that run Cisco's NX-OS - the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

Cisco is warning that a high-severity flaw in its network security software is being actively exploited - allowing remote, unauthenticated attackers to access sensitive data. "The Cisco Product Security Incident Response Team is aware of the existence of public exploit code and active exploitation of the vulnerability that is described in this advisory," according to Cisco.

An unauthenticated file read vulnerability affecting Cisco Adaptive Security Appliance and Firepower Threat Defense software is being exploited by attackers in the wild. There's a proof of concept doing the rounds for directory path traversal in Cisco AnyConnect SSL VPN. It's already being mass spammed across internet.