Cisco SD-WAN command injection vulnerability could lead to code execution as root

Cisco has fixed a High risk Cisco IOS XE SD-WAN Software command injection vulnerability that could allow a hacker to execute code with root privileges. The tech giant also released security updates for Analog Telephone Adapter and Web Security Appliance vulnerabilities.

Continue ReadingCisco SD-WAN command injection vulnerability could lead to code execution as root

Cisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature

Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.

Continue ReadingCisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature

Cisco warns of active exploits against Cisco ASA XSS vulnerability (CVE-2020-3580)

Cisco issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability CVE-2020-3580. Proof of concept (PoC) exploit code has also been released to the public.

Continue ReadingCisco warns of active exploits against Cisco ASA XSS vulnerability (CVE-2020-3580)

Cisco patches vulnerabilities in SD-WAN, Small Business routers and other products

Cisco has patched multiple vulnerabilities in Cisco SD-WAN, Small Business routers, Unified Communications Products and Advanced Malware Protection. Two of those vulnerabilities (CVE-2021-1479, CVE-2021-1459) are rated Critical.

Continue ReadingCisco patches vulnerabilities in SD-WAN, Small Business routers and other products

Cisco patches AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366)

Cisco has patched a Cisco AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366). An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.

Continue ReadingCisco patches AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366)