Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

CVE-2023-20180: Cisco Security Advisory: Cisco Webex Meetings Web UI Vulnerabilities

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.

CVE
Open in Source
#xss#csrf#vulnerability#web#cisco#auth
CVE-2023-25201: Security Advisories - usd HeroLab

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic

Vulnerable Nexus 9000 Series Fabric Switches in ACI mode should be disabled, Cisco advises.

DDoS attacks want to make sure you haven’t forgotten about them

The economic damage of DDoS attacks is tough to measure — who can really say how much money Blizzard missed out on by not having players in “Diablo IV” for a few hours spending money on microtransactions or choosing to buy the game?

Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain

In all, Cisco Talos is releasing 22 security advisories today, nine of which have a CVSS score greater than 8, associated with 69 CVEs.

CVE-2023-22659: TALOS-2023-1699 || Cisco Talos Intelligence Group

An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-24583: TALOS-2023-1710 || Cisco Talos Intelligence Group

Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a UDP packet.

CVE-2023-24019: TALOS-2023-1718 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2023-22299: TALOS-2023-1712 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.