Security News

Cisco on Wednesday released patches for 11 vulnerabilities in its products, including multiple flaws that impact Cisco UCS Manager, FXOS, and NX-OS software. Because the Discovery Protocol is enabled by default globally and on all interfaces in FXOS and NX-OS, the flaw impacts numerous products, including Nexus, Firepower, UCS and MDS. Cisco has pointed out that this vulnerability is different from the one disclosed earlier this month, which researchers said affected tens of millions of Cisco devices deployed in enterprise environments.

Building on a decade of significant investment in innovation, partnerships, acquisitions, customer research and open- source standards, Cisco is now offering customers the broadest, most integrated cloud-native security platform in the industry, Cisco SecureX. Cisco SecureX provides a comprehensive user experience across the breadth of Cisco's integrated security portfolio and customers' existing security infrastructure. Cisco SecureX unifies visibility, identifies unknown threats, and automates workflows to strengthen customers' security across network, endpoint, cloud, and applications.

Cisco on Monday unveiled SecureX, a new cloud-native security platform designed to improve visibility, deliver analytics, and automate common security workflows. SecureX, expected to become generally available in June, will unify visibility across an organization's security portfolio, including Cisco and third-party solutions.

Cisco has released a new batch of security fixes for a number of its products, including its Smart Software Manager On-Prem solution and its Email Security and Content Security Management Appliances. The critical flaw is in the High Availability service of the Cisco Smart Software Manager On-Prem.

Cisco has released patches for sixteen vulnerabilities across its products, including one rated critical, six high severity, and nine medium risk. The critical vulnerability impacts Cisco's Smart Software Manager On-Prem licensing solution and could allow a remote, unauthenticated attacker to access system data with high privileges.

A critical flaw in the High Availability service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn't directly connected to the internet. Cisco Smart Software Manager On-Prem Base is used to manage a customer or partner's product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organization purchases and consumes.

NetSecOPEN, the first industry organization focused on the creation of open, transparent network security performance testing standards, announced that Cisco, Fortinet, Palo Alto Networks and SonicWall are the first three security vendors to achieve certified performance results through open, standardized testing developed by NetSecOPEN and adopted by the Internet Engineering Task Force. "Fortinet is committed to delivering the best threat protection performance and low latency that enterprises require via our purpose-built security processor technology. We are pleased to report the certified performance of Fortinet's FortiGate 500E Next-generation Firewall, tested under real-world conditions," said John Maddison, EVP of Products and CMO at Fortinet.

Cisco has released fixes to address 17 vulnerabilities across its networking and unified communications lines. The lone critical bulletin is for CVE-2020-3158, a bug caused by the presence of a high-privilege account with a static password present in the Cisco Smart Software Manager tool.

If you have Cisco equipment in your enterprise network - and chances are good that you have - you should check immediately which feature the newly revealed CDPwn vulnerabilities in Cisco' proprietary device discovery protocol and implement patches as soon as possible. "Different models of devices that run Cisco FXOS Software, Cisco IP Camera Firmware, Cisco IP Phone Firmware, Cisco NX-OS Software, Cisco IOS-XR, and Cisco UCS Fabric Interconnects are affected by one or more of these vulnerabilities," a Cisco spokesman told Help Net Security.

Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones. Collectively dubbed 'CDPwn,' the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol that comes enabled by default on virtually all Cisco devices and can not be turned OFF. Cisco Discovery Protocol is an administrative protocol that works at Layer 2 of the Internet Protocol stack.