Cisco Security Vulnerability Thread.

travisdh1

Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Only a few ASA-5500 models affected this time.

travisdh1

All your signs are belong to us: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth

Plus the normal plethora: https://tools.cisco.com/security/center/publicationListing.x

nadnerB

https://www.itnews.com.au/news/cisco-whistleblower-gets-first-false-claims-payout-over-cyber-security-528963

Cisco Systems has agreed to settle a whistleblower’s claim that it improperly sold video surveillance software with known vulnerabilities to US federal and state governments

travisdh1

ZDNet: Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw.
https://www.zdnet.com/article/patch-now-cisco-ios-xe-routers-exposed-to-rare-1010-severity-security-flaw/

Been a little busy with new job and big changes in my personal life. I've missed a BUNCH of things that should be here. This is one of those that you can't ignore tho.

travisdh1

https://www.zdnet.com/article/cisco-warning-these-routers-running-ios-have-9-910-severity-security-flaw/

scottalanmiller

https://www.zdnet.com/google-amp/article/cisco-these-wi-fi-access-points-are-easily-owned-by-remote-hackers-so-patch-now/

RojoLoco

Spotted online today:

travisdh1

@RojoLoco said in Cisco Security Vulnerability Thread.:

Spotted online today:

Please tell me you have the link to send me? I have to post on that one!

travisdh1

I've been way too busy to keep up with this lately, but just spotted this little doozy.

https://www.zdnet.com/article/cisco-critical-bugs-nexus-data-center-switch-software-needs-patching-now/

DustinB3403

Another one.

https://arstechnica.com/information-technology/2020/01/unpatched-citrix-vulnerability-now-exploited-patch-weeks-away/

coliver

@DustinB3403 said in Cisco Security Vulnerability Thread.:

Another one.

https://arstechnica.com/information-technology/2020/01/unpatched-citrix-vulnerability-now-exploited-patch-weeks-away/

That's Citrix.

DustinB3403

@coliver said in Cisco Security Vulnerability Thread.:

@DustinB3403 said in Cisco Security Vulnerability Thread.:

Another one.

https://arstechnica.com/information-technology/2020/01/unpatched-citrix-vulnerability-now-exploited-patch-weeks-away/

That's Citrix.

whoops

travisdh1

Lots more basic security issues. All the Cisco devices on your network. Patch now.

https://www.wired.com/story/cisco-cdp-flaws-enterprise-hacking/

travisdh1

Another CISA announcement.
https://www.us-cert.gov/ncas/current-activity/2020/02/06/cisco-releases-security-updates-multiple-products

travisdh1

Another big batch of patch your stuff.

https://www.us-cert.gov/ncas/current-activity/2020/02/20/cisco-releases-security-updates

travisdh1

More security notifications on Cisco products from CISA

https://www.us-cert.gov/ncas/current-activity/2020/02/27/cisco-releases-security-updates

travisdh1

Another week, more CISA reports. Remote vulnerability in their SD-WAN software.

https://www.us-cert.gov/ncas/current-activity/2020/03/19/cisco-releases-security-updates-sd-wan-solution-software

travisdh1

It's been a while, and they actually avoided any issues with their network gear for once.
https://www.us-cert.gov/ncas/current-activity/2020/04/16/cisco-releases-security-updates-multiple-products

travisdh1

Missed a couple this week, I've been busy!

First is a number of webex and Small Business routers.
https://www.us-cert.gov/ncas/current-activity/2020/06/18/cisco-releases-multiple-security-updates

Next up is IOS XE devices with a telenet RCE.
https://www.us-cert.gov/ncas/current-activity/2020/06/25/cisco-releases-security-advisory-telnet-vulnerability-ios-xe

travisdh1

More remote code vulnerabilities. Haven't had time to look at what product(s) yet.
https://tools.cisco.com/security/center/publicationListing.x