Cisco Channel

2021-09-03 23:46:13 Blue check mark journalists are celebrating our offices being destroyed, with some implying we staged a flood. This is no longer about left vs right. This is about good vs evil. Open / Comment

2021-09-03 23:46:13 The generosity and support of the Veritas Army to help us rebuild and become operational again is nothing short of incredible. Thank you all for your continued help as we move forward. https://secure.anedot.com/project-veritas/c485fd2718c915f408eb2 Open / Comment

2021-09-03 23:46:13 The outpouring of support from the Veritas Army is overwhelming. We will rise.

Thank you all.

projectveritas.com/donate Open / Comment

2021-09-03 23:46:13 https://www.projectveritas.com/news/breaking-project-veritas-headquarters-destroyed-urgent-message-from-james/ Open / Comment

2021-09-03 23:46:13 Open / Comment

2021-09-03 23:46:13 Our hearts are broken today as our HQ office in Mamaroneck was devastated by the storm last night. Mamaroneck was one of the hardest city cities in the Northeast. Continuously attacked by external forces since the beginning when we were nothing but a labtop in a carriage house. Out of ashes we continuous rise. We lost a lot, but we are alive. Our Insiders need us to continue fielding tips. The parents from last night need us to continue exposing corrupt teachers. journalists, like the patriots that support us and protect us, will never be defeated by outside forces. It will only because we choose to stop persevering. When we go back to the drawing board there is always that flame that never goes out, a flame that doesn’t go out. Because of what we stand for, the only ones that have the power to stop us is ourselves. Open / Comment

2021-09-01 19:28:08 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Infrastructure%20and%20Cisco%20Evolved%20Programmable%20Network%20Manager%20Information%20Disclosure%20Vulnerability&vs_k=1

A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system.
This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2



Security Impact Rating: Medium



CVE: CVE-2021-34733 Open / Comment

2021-09-01 19:27:08 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-4HnZFewr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Cross-Site%20Scripting%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-4HnZFewr

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.


Security Impact Rating: Medium



CVE: CVE-2021-34759 Open / Comment

2021-09-01 19:26:08 Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Enterprise%20NFV%20Infrastructure%20Software%20Authentication%20Bypass%20Vulnerability&vs_k=1

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator.
This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh



Security Impact Rating: Critical



CVE: CVE-2021-34746 Open / Comment

2021-09-01 19:25:07 Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-collab-xss-fQMDE5GO?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Collaboration%20Provisioning%20Cross-Site%20Scripting%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-collab-xss-fQMDE5GO



Security Impact Rating: Medium



CVE: CVE-2021-34732 Open / Comment