Security News

A researcher who discovered many vulnerabilities in Cisco's Data Center Network Manager product has made public some proof-of-concept exploits and technical details. In early January, Cisco informed customers that it had released updates for DCNM to address several critical and high-severity vulnerabilities.

Cisco Systems has fixed two high-severity vulnerabilities in its products, including one in its popular Webex video conferencing platform that could enable a remote attacker to execute commands. The high-severity Webex flaw exists in the web-based management interface of Cisco Webex Video Mesh, a feature that enables on-premises infrastructure for video conferencing, to enhance audio, video and content.

Cisco has released a fresh batch of security updates for its networking and comms gear lines. The high-priority patch this month is the fix for CVE-2019-16009, a cross-site request forgery, in the web UI of Cisco IOS and Cisco IOS XE that can be exploited to steal credentials from users via malicious links.

Cisco has fixed 12 vulnerabilities in Cisco Data Center Network Manager, a platform for managing Cisco switches and fabric extenders that run NX-OS, and has warned about a spike in exploitation attempts of an old flaw affecting Cisco Adaptive Security Appliance and Firepower Appliance software. "The vulnerabilities are not dependent on one another; exploitation of one of the vulnerabilities is not required to exploit another vulnerability," Cisco shared.

The immediate priority should be cleaning up CVE-201915975, CVE-201915976, and CVE-201915975, a trio of authentication bypass bugs that can be exploited remotely without authentication. CVE-2019-15976 describes the same issue via the SOAP API, while CVE-2019-15977 describes static credentials that only allow access to "Certain confidential information," but that infomation could be used for other attacks.

Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said.

Cisco on Thursday informed customers that it has released software updates for its Data Center Network Manager product to address several critical and high-severity vulnerabilities. All of the serious vulnerabilities patched in DCNM were reported to Cisco by researcher Steven Seeley of Source Incite.

Cisco has warned customers that a vulnerability patched last year in its Adaptive Security Appliance (ASA) and Firepower Appliance products continues to be targeted by hackers. read more

Cisco unveiled further details behind its technology strategy for building a new internet — one designed to push digital innovation beyond the performance, economic and power consumption...

Cisco Talos this week released a new tool designed to make it easier to create complex applications that have lengthy dependency chains. Called Mussels, the cross-platform, general-purpose...