17 May 2021

Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure

Earlier this week, Cisco announced that it had released patches for a high-severity vulnerability in its AnyConnect Secure Mobility Client that can be exploited for remote code execution. The flaw was initially disclosed in November of 2020, and it has taken roughly six months for the company to

07 May 2021

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks

Cisco has rolled out patches addressing severe vulnerabilities that could be exploited to perform remote code execution and privilege escalation. The flaws lie in the SD-WAN vManage Software. The bugs could allow an unauthenticated attacker to steal information from vulnerable networks. Cisco also disclosed a denial-of-service issue in the same

28 Apr 2021

Linux kernel vulnerability exposes stack memory, causes data leaks

Cisco Talos has disclosed an information disclosure vulnerability in the Linux kernel that can lead to further compromise. According to a statement released by Cisco on Tuesday, the bug could allow an attacker to view kernel stack memory, acting as a springboard to inflict further damage to a system and

09 Apr 2021

Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers

Cisco has stated that it does not plan to patch three different small business router models and one VPN firewall device, despite critical vulnerabilities found in each. The SOHO router models contain a bug that is rated 9.8/10 in severity, and could allow unauthenticated remote users to attack targeted equipment

26 Feb 2021

Cisco Warns of Critical Auth-Bypass Security Flaw

Cisco has allegedly fixed a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches. The vulnerability could allow a remote attacker to bypass authentication, according to the company. The bug is one of three critical flaws patched by Cisco this past week. The

27 Jan 2021

Cisco DNA Center Bug Opens Enterprises to Remote Attack

A new flaw discovered in the web-based management interface of Cisco DNA Center opens up organizations to cross-site request forgery (CSRF) attacks. This can lead to remote attack and takeover, Cisco says. The high-severity vulnerability is tracked as CVE-2021-1257 and boasts a severity score of 7.1 on the

22 Jan 2021

Cisco warns on critical security vulnerabilities in SD-WAN software, so update now

Cisco has warned its users to update networking software immediately due to four severe flaws affecting the Smart Software Manager Satellite, and SD-WAN DNA. SD-WAN has three critical command injection vulnerabilities with a collective score of 9.9 out of 10. Vulnerabilities of this nature require immediate action. According to Cisco,

22 Dec 2020

Microsoft, Google, Cisco, Dell join legal battle against hacking company NSO

On Monday, tech giants Microsoft, Cisco, Dell, and Google entered into a legal battle against hacking organization NSO. Facebook had already been battling the organization in court for a year and has now been backed by two industry leaders. The tech companies filed a brief in federal court alleging that

15 Dec 2020

Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts

Sudhish Kasaba Ramesh, 31, has pleaded guilty to breaking into Cisco’s cloud infrastructure in 2018 and hacking the Webex collaboration platform to delete Webex accounts. The insider threat case has landed Ramesh at least two years in jail for the hack, which occurred roughly four months from his resignation from

25 Sep 2020

Cisco warns over 25 high-impact flaws in its IOS and IOS XE software

Cisco is urging customers to install patches for 25 high-severity flaws in its previous version of IOS and IOS XE networking gear software. In total, Cisco disclosed and patched 34 flaws, 25 of which were classified as critical. The announcement is part of Cisco’s semi-annual effort to fix
