Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Why logging is one of the most overlooked aspects of incident response, and how Cisco Talos IR can help

As the adoption of digital technologies increases, the volume of log data grows, which makes it challenging for cybersecurity teams to identify which logs are most valuable when investigating and analyzing threats.

TALOS
Open in Source
#vulnerability#cisco#git
Snapshot fuzzing direct composition with WTF

Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that’s under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is assigned as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring system. It’s worth pointing out that the shortcoming only affects enterprise networking gear that have

New Cisco Web UI Vulnerability Exploited by Attackers

By Waqas Another day, another critical vulnerability hits Cisco! This is a post from HackRead.com Read the original post: New Cisco Web UI Vulnerability Exploited by Attackers

Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

CVE-2023-20198: Cisco Security Advisory: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory  Cisco will provide updates on the status of this investigation and when a software patch is available.

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability

Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.

Top resources for Cybersecurity Awareness Month

Plus, many of the world’s largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.

CVE-2023-25774: TALOS-2023-1743 || Cisco Talos Intelligence Group

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

CVE-2023-31192: 2023/06/30: SE202301: Security Advisory: CVE-2023-27395 etc: Fixed 6 vulnerabilities of SoftEther VPN in cooperation with Cisco Systems, Inc.

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.