Security News

Cisco informed customers on Wednesday that it has patched a critical default credentials vulnerability affecting some configurations of its ENCS 5400-W series and CSP 5000-W series appliances. The Cisco Cloud Services Platform for WAAS is a hardware platform designed for the deployment of datacenter network function virtualization, and the Cisco Enterprise Network Compute System is a hybrid platform for branch deployment and for hosting WAAS applications.

Cisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers to launch DoS attacks against its popular small business switches. Cisco is warning of a high-severity flaw that could allow remote, unauthenticated attackers to cripple several of its popular small-business switches with denial of service attacks.

Cisco customers once again find themselves needing to patch critical vulnerabilities in Switchzilla's gear. The equipment maker has emitted fixes or updates for multiple CVE-listed vulnerabilities in the Treck IP stack, Data Center Network Manager, and SD-WAN. Those patches should be applied ASAP. A high-rated path traversal vulnerability was patched in the Adaptive Security Appliance and Firepower Threat Defense software.

Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager and the Cisco SD-WAN Solution software. Cisco Data Center Network Manager is the network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking deployments for the Cisco Nexus-powered data center.

Cisco informed customers on Wednesday that it has patched critical and high-severity vulnerabilities in its Data Center Network Manager network management platform. "The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges," Cisco explained.

Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager for managing network platforms and switches. DCNM is a platform for managing Cisco data centers that run Cisco's NX-OS - the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

Cisco is warning that a high-severity flaw in its network security software is being actively exploited - allowing remote, unauthenticated attackers to access sensitive data. "The Cisco Product Security Incident Response Team is aware of the existence of public exploit code and active exploitation of the vulnerability that is described in this advisory," according to Cisco.

An unauthenticated file read vulnerability affecting Cisco Adaptive Security Appliance and Firepower Threat Defense software is being exploited by attackers in the wild. There's a proof of concept doing the rounds for directory path traversal in Cisco AnyConnect SSL VPN. It's already being mass spammed across internet.

The under-attack bug is CVE-2020-3452, a path-traversal flaw in Switchzilla's Adaptive Security Appliance and Firepower Threat Defense software that can be used to "Read sensitive files on a targeted system." While there was no publicly available exploit code for the high-severity bug when first publicized, a day after issuing its advisory, Cisco said the flaw was being targeted in the wild. The vulnerabilities lie within the Treck IP stack used in Cisco gear, and, if exploited, allow complete takeover of a vulnerable device.

The under-attack bug is CVE-2020-3452, a path-traversal flaw in Switchzilla's Adaptive Security Appliance and Firepower Threat Defense software that can be used to "Read sensitive files on a targeted system." While there was no publicly available exploit code for the high-severity bug when first publicized, a day after issuing its advisory, Cisco said the flaw was being targeted in the wild. The vulnerabilities lie within the Treck IP stack used in Cisco gear, and, if exploited, allow complete takeover of a vulnerable device.