Cisco News and Vulnerabilities
This channel is not official
Recent Posts
Cisco today unveiled a radically new approach to securing data centers and clouds in response to the increasing demands of the AI revolution
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
Cisco Reimagines Security for Data Centers and Clouds in Era of AI
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/cisco-reimagines-security-for-data-centers-and-clouds-in-era-of-ai.html?source=rss
Given the challenges of today’s threat landscape, nothing less than a radical rethinking of security will do. Cisco Hypershield is it.
Cisco Hypershield: Reimagining security at AI-scale
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/cisco-hypershield-security-reimagined.html?source=rss
Introducing Cisco Hypershield, a cloud-native approach to highly-distributed security for data centers that’s AI-powered and built into the fabric of the network.
Cisco Hypershield: Security reimagined — hyper-distributed security for the AI-scale data center
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/cisco-hypershield-security-reimagined-hyper-distributed-security-for-the-ai-scale-data-center.html?source=rss
Cisco Integrated Management Controller CLI Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20CLI%20Command%20Injection%20Vulnerability&vs_k=1
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ
Security Impact Rating: High
CVE: CVE-2024-20295
Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20SNMP%20Extended%20Named%20Access%20Control%20List%20Bypass%20Vulnerability&vs_k=1
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic.
This vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message. This can result in no ACL being applied to the SNMP listening process. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP operations that should be denied. The attacker has no control of the SNMP ACL configuration and would still need a valid SNMP version 2c (SNMPv2c) community string or SNMP version 3 (SNMPv3) user credentials.
SNMP with IPv6 ACL configurations is not affected.
For more information, see the Details (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20SNMP%20Extended%20Named%20Access%20Control%20List%20Bypass%20Vulnerability&vs_k=1#details) section of this advisory.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww
Security Impact Rating: Medium
CVE: CVE-2024-20373
Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20Web-Based%20Management%20Interface%20Command%20Injection%20Vulnerability&vs_k=1
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root.
This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb
Security Impact Rating: High
CVE: CVE-2024-20356
AB sits down with Denise Lee, Cisco’s VP, Engineering Sustainability Office, for a great chat on a wide variety of sustainability-related topics
Talking all things sustainability with Denise Lee
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/talking-all-things-sustainability-with-denise-lee.html?source=rss
Tucker Carlson interviews Pavel Durov 😎
https://twitter.com/TuckerCarlson/status/1780355490964283565
Cisco has completed the acquisition of Isovalent, Inc., a leader in open source cloud native networking and security