Cisco Channel

2021-02-19 05:23:46 Verizon Business expands Cisco relationship with SD- WAN managed service offers 
https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=2143456&utm_source=newsroom.cisco.com&utm_campaign=Release_2143456&utm_medium=RSS Open / Comment

2021-02-19 02:28:51 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20Smart%20and%20Managed%20Switches%20Cross-Site%20Scripting%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. 
The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
There are no workarounds that address this vulnerability
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss



Security Impact Rating: Medium



CVE: CVE-2020-3121 Open / Comment

2021-02-19 02:28:16 Cisco Small Business Switches Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20Switches%20Information%20Disclosure%20Vulnerability&vs_k=1

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information.
The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos



Security Impact Rating: High



CVE: CVE-2019-15993 Open / Comment

2021-02-18 23:38:57 Shared by Morgan >
https://t.me/c/1276919881/106

Join @TVids Open / Comment

2021-02-17 21:52:25 From circular design to low-power chips, Cisco takes a leadership role on the envir
More RSS Feed: newsroom.cisco.com/rss-feeds (https://newsroom.cisco.com/rss-feeds?utm_source=newsroom.cisco.com&utm_medium=RSS&utm_campaign=More_RSS_Link) ... Open / Comment

2021-02-17 21:52:24 Open / Comment

2021-02-17 21:52:24 The Inclusive Future starts with a liveable planet
https://newsroom.cisco.com/feature-content?type=webcontent&articleId=2139373&utm_source=newsroom.cisco.com&utm_campaign=Feature_2139373&utm_medium=RSS Open / Comment

2021-02-17 19:28:16 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Sensitive%20Information%20Disclosure%20Vulnerabilities&vs_k=1

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information.
These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.
For more information about these vulnerabilities, see the Details (https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml#details) section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S


Security Impact Rating: Medium



CVE: CVE-2021-1412,CVE-2021-1416 Open / Comment

2021-02-17 19:27:47 Cisco Webex Meetings Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-Lz6HbGCt?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Webex%20Meetings%20Cross-Site%20Scripting%20Vulnerability&vs_k=1

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service.
The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-Lz6HbGCt



Security Impact Rating: Medium



CVE: CVE-2021-1351 Open / Comment

2021-02-17 19:26:29 Cisco StarOS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20StarOS%20Denial%20of%20Service%20Vulnerability&vs_k=1

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition.
The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj



Security Impact Rating: Medium



CVE: CVE-2021-1378 Open / Comment