Security News

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild
2023-10-17 04:12

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that’s under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is assigned...

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)
2023-10-16 19:28

A previously unknown vulnerability affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. CVE-2023-20198 is a privilege escalation vulnerability in the web UI feature of Cisco IOS XE software, which is installed on various Cisco controllers, switches, edge, branch and virtual routers.

Cisco warns of new IOS XE zero-day actively exploited in attacks
2023-10-16 15:43

Cisco warned admins today of a new, maximum-severity zero-day vulnerability in its IOS XE Software that can let attackers gain full administrator privileges and take complete control of affected routers. "Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface feature of Cisco IOS XE software when exposed to the internet or untrusted networks," the company revealed today.

Cisco Can’t Stop Using Hard-Coded Passwords
2023-10-11 11:04

Cisco warns of critical flaw in Emergency Responder code
2023-10-05 19:45

Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account. Cisco Emergency Responder is designed to work with Cisco Unified Communications Manager to ensure that emergency calls get routed to a location-appropriate Public Safety Answering Point.

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems
2023-10-05 12:02

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded...

Cisco fixes hard-coded root credentials in Emergency Responder
2023-10-04 16:43

Cisco released security updates to fix a Cisco Emergency Responder vulnerability that let attackers log into unpatched systems using hard-coded credentials. "This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development," Cisco explained in an advisory issued today.

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
2023-09-29 03:02

Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on...

Cisco urges admins to fix IOS software zero-day exploited in attacks
2023-09-28 15:34

Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild. "An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker," Cisco explained in a security advisory published on Wednesday.

Cisco Catalyst SD-WAN Manager flaw allows remote server access
2023-09-28 15:15

Cisco is warning of five new vulnerabilities in its Catalyst SD-WAN Manager products, the most critical of which allows unauthenticated remote access to the server. Cisco Catalyst SD-WAN Manager for WAN is network management software allowing admins to visualize, deploy, and manage devices on wide area networks.