Cisco Channel

2021-02-17 19:25:19 Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Shared Memory Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wda-pt-msh-6LWOcZ5?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Webex%20Meetings%20Desktop%20App%20and%20Webex%20Productivity%20Tools%20for%20Windows%20Shared%20Memory%20Information%20Disclosure%20Vulnerability&vs_k=1

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system.
This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens.
Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wda-pt-msh-6LWOcZ5



Security Impact Rating: Medium



CVE: CVE-2021-1372 Open / Comment

2021-02-17 19:24:23 Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-hijac-JrcTOQMC?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20AnyConnect%20Secure%20Mobility%20Client%20for%20Windows%20with%20VPN%20Posture%20(HostScan)%20Module%20DLL%20Hijacking%20Vulnerability&vs_k=1

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-hijac-JrcTOQMC



Security Impact Rating: High



CVE: CVE-2021-1366 Open / Comment

2021-02-13 19:00:01 Do you want to expose your company for illegal activities and/or violations?

Join Project Suson and message @Undercover3LetterAgent with in-depth details. All whistleblowers will remain confidential!

We highly recommend voice and video recordings to be shared with us. > @Suson Open / Comment

2021-02-12 22:07:07 Cisco and the government of Japan are collaborating on mass-scale digitization projects that will support the government's broader inclusive pandemic recovery measures
More RSS Feed: newsroom.cisco.com/rss- ... (https://newsroom.cisco.com/rss-feeds?utm_source=newsroom.cisco.com&utm_medium=RSS&utm_campaign=More_RSS_Link) Open / Comment

2021-02-12 22:07:07 Open / Comment

2021-02-12 22:07:06 Cisco Launches Digitization Program in Japan to Support Inclusive Pandemic Recovery
https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=2142302&utm_source=newsroom.cisco.com&utm_campaign=Release_2142302&utm_medium=RSS Open / Comment

2021-02-12 22:06:43 Open / Comment

2021-02-12 22:06:43 Cisco Webex named Official Collaboration Partner of McLaren Formula 1 team
https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=2142432&utm_source=newsroom.cisco.com&utm_campaign=Release_2142432&utm_medium=RSS Open / Comment

2021-02-12 03:52:02 Follow Camilla Ngala Timfe and Stephanie Harvey's journeys with Cisco Networking Ac
More RSS Feed: newsroom.cisco.com/rss-feeds (https://newsroom.cisco.com/rss-feeds?utm_source=newsroom.cisco.com&utm_medium=RSS&utm_campaign=More_RSS_Link) ... Open / Comment

2021-02-12 03:52:01 Open / Comment