Cisco Channel

2022-05-20 23:06:26 It’s a hive of activity down at the Cisco RTP Apiary on World Bee Day — and every day
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2022/m05/it-a-hive-of-activity-down-at-the-cisco-rtp-apiary-on-world-bee-day-and-every-day.html?source=rss Open / Comment

2022-05-20 21:31:25 Cisco IOS XR Software Health Check Open Port Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Health%20Check%20Open%20Port%20Vulnerability&vs_k=1

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container.
This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK



Security Impact Rating: Medium



CVE: CVE-2022-20821 Open / Comment

2022-05-19 22:15:04 The rapid digitization of the energy system is creating new risks but also supporting new tools that can improve reliability.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss) Open / Comment

2022-05-19 22:15:04 Open / Comment

2022-05-19 22:15:03 The electricity grid is under threat. Cisco helps keep it safe
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2022/m05/the-electricity-grid-is-under-threat-cisco-helps-keep-it-safe.html?source=rss Open / Comment

2022-05-19 07:11:44 Cisco reported third quarter revenue of $12.8 billion.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss) Open / Comment

2022-05-19 07:11:44 Open / Comment

2022-05-19 07:11:44 Cisco Reports Third Quarter Earnings
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2022/m05/cisco-reports-third-quarter-fy2022-earnings.html?source=rss Open / Comment

2022-05-19 02:50:17 Open / Comment

2022-05-18 19:50:10 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Common%20Services%20Platform%20Collector%20Cross-Site%20Scripting%20Vulnerabilities&vs_k=1

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 
Cisco has released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb



Security Impact Rating: Medium



CVE: CVE-2022-20666,CVE-2022-20667,CVE-2022-20668,CVE-2022-20669,CVE-2022-20670,CVE-2022-20671,CVE-2022-20672,CVE-2022-20673,CVE-2022-20674 Open / Comment