Cisco Security Vulnerability Thread.

travisdh1

More today. Lots of things classified as High, go patch the Cisco things!

https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

travisdh1

Just remotely getting configuration information today.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid

scottalanmiller

Youtube Video

travisdh1

Remote access to Sysadmin in Cisco ASR 9000 series.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr

travisdh1

https://www.networkworld.com/article/3392858/cisco-issues-critical-security-warning-for-nexus-data-center-switches.html

Secret access to switches and firewalls. In addition to the sundry less critical flaws.

travisdh1

https://www.us-cert.gov/ncas/current-activity/2019/05/07/Cisco-Releases-Security-Update-Elastic-Services-Controller

Another remote vulnerability. Just another week in the Cisco world.

NashBrydges

https://www.businesswire.com/news/home/20190513005742/en/Red-Balloon-Security-Discovers-Critical-Vulnerability-Millions

Dashrender

@NashBrydges said in Cisco Security Vulnerability Thread.:

https://www.businesswire.com/news/home/20190513005742/en/Red-Balloon-Security-Discovers-Critical-Vulnerability-Millions

wow

Red Balloon Security researchers have demonstrated physical destruction of Cisco routers by leveraging Thrangrycat via remote exploitation

ouch!

travisdh1

@NashBrydges said in Cisco Security Vulnerability Thread.:

https://www.businesswire.com/news/home/20190513005742/en/Red-Balloon-Security-Discovers-Critical-Vulnerability-Millions

Thanks for posting. Saw this headline, but didn't get to actually read the article yet.

NashBrydges

Looks like that vulnerability is worse than expected.

https://www.bleepingcomputer.com/news/security/cisco-upgrades-remote-code-execution-flaws-to-critical-severity/

travisdh1

Multiple vulnerabilities patched this month. Make sure you're account is paid up so you can keep everything updated. Or more reasonably toss the gear for something reasonably priced.

At least 1 remote vulnerability, again.

https://www.us-cert.gov/ncas/current-activity/2019/06/05/Cisco-Releases-Security-Updates-Multiple-Products

davide.bonavita

LOL

travisdh1

@davide-bonavita said in Cisco Security Vulnerability Thread.:

LOL

It's the bi-weekly gift that always gives you so much joy, and extra work to patch.

travisdh1

Another remote vulnerability. Just anything that can be managed from a web page this time.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf

travisdh1

They say patch now, and I believe them.

https://www.zdnet.com/article/cisco-critical-flaw-warning-these-two-bugs-in-our-data-center-gear-need-patching-now/

travisdh1

CISA, more remote vulnerabilities. Go patch.

https://www.us-cert.gov/ncas/current-activity/2019/06/26/cisco-releases-security-updates-data-center-network-manager

travisdh1

What? How does this even happen!? Another companies security keys in their equipment.

https://www.zdnet.com/article/seriously-cisco-put-huawei-x-509-certificates-and-keys-into-its-own-switches/

NashBrydges

This thread just makes it seem like Cisco is asleep at the wheel. lol

travisdh1

@NashBrydges said in Cisco Security Vulnerability Thread.:

This thread just makes it seem like Cisco is asleep at the wheel. lol

This isn't even asleep at the wheel, our interns here do security better than Cisco! This is into actively malicious territory imo.

travisdh1

Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Only a few ASA-5500 models affected this time.