Security News

Cisco's Talos threat intelligence and research group this week disclosed the details of recently patched vulnerabilities affecting the Chrome and Firefox web browsers. The Chrome flaw, tracked as CVE-2020-6463 and classified as high severity with a CVSS score of 8.8, was patched by Google in April with the release of Chrome 81.0.4044.122.

Cisco on Wednesday announced that it has patched several vulnerabilities affecting its products, including flaws in Small Business routers and switches. Of the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity.

Cisco has patched a cross-site scripting vulnerability in two VPN routers it sells to small businesses and branch offices. By default, the management feature is disabled for remote users, though it is enabled for people on the same LAN. "A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information," Cisco explained in its advisory yesterday.

Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw, which ranks 8.1 out of 10.0 on the CVSS scale, stems from use of weak entropy generation for session identifier values, a Wednesday Cisco security advisory said.

Cisco Webex suffered from a vuln that could have allowed an attacker to access any account by simply copy-pasting a unique session token into a browser string. Once the token was extracted from the dump file, researchers were able to make a crafted HTTP POST request to Webex's servers, mimicking a genuine connection attempt, which returned a one-time login ticket for live meetings.

Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems. "An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site," according to Cisco's security update.

Cisco announced this week that it has added new security features to Webex and that it has also patched several high-severity vulnerabilities in the conferencing product. At its Cisco Live 2020 event, the networking giant informed customers that it has extended its data loss prevention retention, Legal Hold and eDiscovery features to Webex Meetings.

Cisco has released security updates for Cisco Webex Meetings and Cisco Webex Meetings Server that fix several remotely exploitable vulnerabilities, as well as one less severe one that could allow hackers to gain access to a target's Webex account. CVE-2020-3361 affects Cisco Webex Meetings sites and Cisco Webex Meetings Server and could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.

Cisco announces the general availability globally of Cisco SecureX, the broadest and most integrated cloud-native security platform, included with all Cisco Security products to simplify and enhance the way customers manage security, on June 30, 2020. To address current and future security challenges, SecureX connects the breadth of Cisco's integrated security portfolio with customers' entire security infrastructure for a consistent and simplified experience.

NS1 announced that the company has joined the Cisco DevNet SolutionsPlus program, making its enterprise DNS, DHCP, and IP address management solution the first and only software-defined DDI solution available on Cisco's Global Price List. Inclusion in Cisco's DevNet SolutionsPlus program enables Cisco field teams and channel partners to incorporate NS1's DDI and external DNS solutions into their portfolio while providing customers with enhanced network visibility and control.