Cisco patched a Critical RCE vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX). The company also addressed a DoS vulnerability in MDS 9000 Series Switches.
Cisco has released 12 High severity security advisories for Cisco Adaptive Security Appliance (ASA) Software and Firepower products. In addition, a security fix was also released to address a Snort HTTP detection engine file policy bypass Vulnerability.
Cisco has released a High severity security update that fixes an IOS XE SD-WAN software command injection vulnerability CVE-2019-16011.
Cisco has released security patches for Cisco IP Phones Web Application, UCS Director and other products. Five of the vulnerabilities are rated Critical severity and another seven are rated High severity.
As the COVID-19 crisis continues to spread, larger numbers of enterprises and learning organizations are moving meetings and classrooms online via video-teleconferencing (VTC) platforms. The FBI has issued a new warning of recent VTC attacks and also offered guidance on how to better security VTC platforms.
Researchers at the CERT Coordination Center (CERT/CC) have released details on a critical Point-to-Point Protocol Daemon (pppd) vulnerability CVE-2020-8597.
Cisco has released security patches for Email Security Appliance, Webex, Prime Network Registrar, Intelligent Proximity and other products. Four of the vulnerabilities are High risk and another eight are rated Medium severity.
Cisco has released security updates for multiple products to include IOS, Email Security Appliance, Data Center Network Manager and other products. One of the updates also addresses a critical vulnerability in Cisco's Smart Software Manager On-Prem.
Cisco has patched a high risk vulnerability CVE-2020-3142 in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites. An unauthenticated actor could join a password-protected meeting without inputting the meeting password.
Cisco has patched a critical vulnerability CVE-2019-16028 in the web-based management interface of Cisco Firepower Management Center (FMC). An unauthenticated, remote attacker could bypass authentication and execute arbitrary code on impacted FMC devices.