Cisco


May. 18, 2019

Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution


Cisco is warning of critical remote code-execution (RCE) vulnerabilities in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager, which is used by telcos, mobile carriers, cable companies and ISPs to manage their hardware infrastructure. The vendor also issued estimated bug-fix dates for an unpatched, high-severity Secure Boot flaw that was disclosed on Monday, and addressed a high-severity flaw that would allow arbitrary code execution on WebEx for Windows, Cisco’s widely deployed web conferencing and collaboration software. The newly disclosed critical issue consists of multiple vulnerabilities in the web-based management interface of the PI and EPN Manager, which could allow a remote attacker to execute arbitrary code with root privileges on the underlying operating system.

May. 5, 2019

Cisco Warns of Critical Nexus 9000 Data Center Flaw


A critical vulnerability in Cisco’s software-defined networking (SDN) software could allow an unauthenticated, remote attacker to connect to a vulnerable data-center switch and take it over, with the privileges of the root user. The bug (CVE-2019-1804), which has a CVSS severity rating of 9.8 out of 10, exists in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software, which is part of Cisco’s SDN approach. Enterprises use ACI to deploy and control applications across their infrastructure, including their multicloud footprints, with consistent policies – in theory boosting security and high availability.

May. 18, 2018

Hardcoded Password Found in Cisco Enterprise Software, Again


Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities that are rated ‘Critical’ and received the maximum of 10 out of 10 on the CVSSv3 severity score. The three vulnerabilities include a backdoor account and two bypasses of the authentication system for Cisco Digital Network Architecture (DNA) Center. The Cisco DNA Center is a piece of software that is aimed at enterprise clients and provides a central system for designing and deploying device configurations (aka provisioning) across a large network.

May. 4, 2018

Critical Cisco WebEx Bug Allows Remote Code Execution


The bug (CVE-2018-0264) exists in the platform’s Recording Player for Advanced Recording Format (ARF), which allows users to play back WebEx meeting recordings. The player is installed automatically when a user accesses a recording file hosted on a WebEx server. Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, the Cisco WebEx Meetings Server and the Cisco WebEx ARF Player itself are all affected.