Wednesday, August 10, 2022
Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This...
Cisco

Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does...
Cisco

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker...
Cisco

Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists...
Cisco

Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities,...
Cisco

Cisco Webex Meetings Web Interface Vulnerabilities

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see...
Cisco

Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the...
Cisco

Cisco Nexus Dashboard Unauthorized Access Vulnerabilities

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of...
Cisco

Cisco Nexus Dashboard Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities...
Cisco

Cisco IoT Control Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
Cisco

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in...
Cisco

Cisco Nexus Dashboard SSL Certificate Validation Vulnerability

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing...
Cisco

Cisco Identity Services Engine Administrator Password Lifetime Expiration Issue

An issue in the Password Policy settings of Cisco Identity Services Engine (ISE) could allow an administrator to use expired credentials to gain access to the web management interface. When the Password Lifetime setting for the administrator password policy is used...
Cisco

Cisco Nexus Dashboard Arbitrary File Write Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials...
Cisco

Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language...
Cisco

Cisco Unified Communications Manager Arbitrary File Read Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of...
Cisco

Cisco Unified Communications Products Timing Attack Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of...
Cisco

Cisco Unified Communications Products Arbitrary File Read Vulnerability

A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker...
Cisco

Cisco Smart Software Manager On-Prem Denial of Service Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on...
Cisco

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note:...

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too
August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …