Security News

Cisco has fixed more than two dozen critical and high-severity security vulnerabilities affecting operating systems running on the company's carrier-grade and industrial routers and switches. Cisco IOS - a family of network operating systems used on many Cisco Systems routers and network switches.

Members of Cisco's Talos threat intelligence and research group have identified two vulnerabilities in the Zoom client application that can allow a remote attacker to write files to the targeted user's system and possibly achieve arbitrary code execution. CVE-2020-6109 is related to the way Zoom processes GIF image files.

Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco's Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists configured on affected Nexus switches - and launch a denial of service attacks on the devices.

A vulnerability related to the IP-in-IP tunneling protocol that can be exploited for denial-of-service attacks and to bypass security controls has been found to impact devices from Cisco and other vendors. Cisco has released security updates to address the vulnerability in its NX-OS software.

Six Cisco-operated servers were hacked via SaltStack security vulnerabilities, the networking giant revealed this week. The compromised systems act as the salt-master servers for releases 1.2 and 1.3 of Cisco's Virtual Internet Routing Lab Personal Edition product, and customer installations connect to these Cisco-maintained backend boxes.

Cisco on Thursday said that it plans to acquire privately held network intelligence firm ThousandEyes, as the networking giant looks to boost network visibility and intelligence across its enterprise networking, cloud and application services portfolios. Headquartered in San Francisco and founded in 2010, ThousandEyes provides an internet intelligence platform that delivers deep visibility and insights into application and services delivery over the Internet.

Earlier this month, when F-Secure publicly revealed the existence of two vulnerabilities affecting SaltStack Salt and attackers started actively exploiting them, Cisco was among the victims. The revelation was made on Thursday, when Cisco published an advisory saying that, on May 7, 2020, they've discovered the compromise of six of their salt-master servers, which are part of the Cisco VIRL-PE service infrastructure.

Now, Cisco reveals that salt-master servers that are used with Cisco Virtual Internet Routing Lab Personal Edition were upgraded on May 7, and that, on the same day, they were found to have been compromised through the aforementioned vulnerabilities. "Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised. The servers were remediated on May 7, 2020," the company announced in an advisory.

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. Hackers were able to successfully exploit the flaws incorporated in the latter product, resulting in the compromise of six VIRL-PE backend servers, according to Cisco.

We have a bunch of new security patches from Switchzilla, including one for a critical hole in its call-center software. CVE-2020-3280 is a remote-code-execution vulnerability in the Java remote management interface for Unified Contact Center Express.