Cisco Channel

2021-03-03 19:52:47 Cisco SD-WAN vManage SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20vManage%20SQL%20Injection%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX



Security Impact Rating: Medium



CVE: CVE-2021-1470 Open / Comment

2021-03-03 19:52:27 Cisco SD-WAN vManage Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20vManage%20Information%20Disclosure%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system.
This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB



Security Impact Rating: Medium



CVE: CVE-2021-1232 Open / Comment

2021-03-03 19:52:02 Cisco IP Phones Buffer Overflow and Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IP%20Phones%20Buffer%20Overflow%20and%20Denial%20of%20Service%20Vulnerabilities&vs_k=1

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.
These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.
Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3



Security Impact Rating: Medium



CVE: CVE-2021-1379 Open / Comment

2021-03-02 23:21:18 Raising the bar on inclusive collaboration with Webex solutions
More RSS Feed for Cisco: newsroom.cisco.com/rss-feeds (http://newsroom.cisco.com/rss-feeds?utm_source=newsroom.cisco.com&utm_medium=RSS&utm_campaign=More_RSS_Link) ... Open / Comment

2021-03-02 23:21:18 Open / Comment

2021-03-02 23:21:17 Raising the bar on inclusive collaboration with Webex solutions
https://blogs.cisco.com/collaboration/were-raising-the-bar-on-inclusive-effective-collaboration-with-webex-solutions-for-every-user Open / Comment

2021-03-02 22:24:15 More RSS Feed for Cisco: newsroom.cisco.com/rss-feeds (http://newsroom.cisco.com/rss-feeds?utm_source=newsroom.cisco.com&utm_medium=RSS&utm_campaign=More_RSS_Link) ... Open / Comment

2021-03-02 22:24:15 Open / Comment

2021-03-02 22:24:14 Cisco Completes Acquisition of Acacia
https://blogs.cisco.com/news/cisco-completes-acquisition-of-acacia-2 Open / Comment