Cisco fixed command injection bug in IOx Application Hosting Environment

Cisco fixed a high-severity flaw in the IOx application hosting environment that can be exploited in command injection attacks. Cisco has released security updates to address a command injection vulnerability, tracked as CVE-2023-20076, in the Cisco IOx application hosting environment. “A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker […]

Continue Reading

Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots

Cisco on Wednesday announced patches for a high-severity command injection vulnerability in the IOx application hosting environment that could allow malicious code to persist across reboots. Tracked as CVE-2023-20076, the security defect exists because parameters that are passed for the activation of an application are not completely sanitized. “An attacker could exploit this vulnerability by […]

Continue Reading

Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)

Cisco has released patches for a high-severity vulnerability (CVE-2023-20076) found in some of its industrial routers, gateways and enterprise wireless access points, which may allow attackers to insert malicious code that can’t be deleted by simply rebooting the device or updating its firmware. “In this case, the command injection bypasses mitigations Cisco has in place […]

Continue Reading

Video walkthrough: Cybertech Tel Aviv 2023

Help Net Security is in Israel this week for Cybertech Tel Aviv 2023, talking to the key players from the cybersecurity industry and businesses from a wide range of sectors, who gathered to exchange knowledge, to network, and learn about technological innovations and solutions for combating cyber threats. The vendors featured in this video are: […]

Continue Reading

Cisco Unified CM SQL Injection Flaw Let Attackers Execute Crafted SQL Queries

Cisco released fixes for Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition to address high-severity SQL injection vulnerability. “An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system”, Cisco reports. “A successful exploit could allow the attacker to […]

Continue Reading

Around 19,500 end-of-life Cisco routers are exposed to hack

Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. Cisco recently warned of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers. The IT giant announced that these devices will receive no security […]

Continue Reading

Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)

Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.” Proof-of-concept exploit code for CVE-2023-20025 and CVE-2023-20026 is available online, but there is currently no indication of any of these flaws […]

Continue Reading

Ransomware: The security debt collector

High-profile ransomware news stories grabbed headlines a few years ago but faded in popularity as other attacks like cryptojacking grew more profitable. Since the first months of 2020, ransomware attacks have been on the rise and are in the news again. In this presentation, Dave Lewis, Global Advisory CISO at Cisco, talks about the historical […]

Continue Reading