Security News

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. Hackers were able to successfully exploit the flaws incorporated in the latter product, resulting in the compromise of six VIRL-PE backend servers, according to Cisco.

We have a bunch of new security patches from Switchzilla, including one for a critical hole in its call-center software. CVE-2020-3280 is a remote-code-execution vulnerability in the Java remote management interface for Unified Contact Center Express.

We have a bunch of new security patches from Switchzilla, including one for a critical hole in its call-center software. CVE-2020-3280 is a remote-code-execution vulnerability in the Java remote management interface for Unified Contact Center Express.

Cisco has patched a critical remote code execution hole in Cisco Unified Contact Center Express, its "Contact center in a box" solution, and is urging administrators to upgrade to a fixed software version. "The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device," Cisco explained.

Cisco this week released security patches to address several vulnerabilities in its products, including a critical severity bug in its Unified Contact Center Express software. The issue, Cisco explains in an advisory, exists because of the software's insecure deserialization of user supplied content.

Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express. Cisco's Unified CCX software is touted as a "Contact center in a box" that allows companies to deploy customer-care applications.

Despite the absence of a critical remote code or command execution bug, the patches include a number of serious programming blunders, particularly in the context of the network security appliances where they were found. The Adaptive Security Appliance range - Cisco's fancy term for a firewall - is host to 11 of the bug fixes.

Cisco this week released security updates to address more than 30 vulnerabilities in various products, including 12 high severity flaws impacting Adaptive Security Appliance and Firepower Threat Defense. The most important of these issues is tracked as CVE-2020-3187 and could be exploited to conduct directory traversal attacks and then read or delete sensitive files on a vulnerable system.

Specifically affected is Cisco's Firepower Threat Defense software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance software, the operating system for its family of ASA corporate network security devices. The most severe flaw exists in the web service interfaces for ASA software and FTD software.

Cisco survey finds security experts at mid-sized companies have strong incident response plans and prioritize proactive threat hunting. Security teams at small businesses are just as good at defending corporate data and networks as their colleagues at bigger organizations, according to a new survey from Cisco.