Cisco
Cisco warns of max severity RCE flaws in Identity Services Engine
Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). The flaws, tracked under CVE-2025-20281 and CVE-2025-20282, are rated with max severity (CVSS score: 10.0). The first impacts ISE and ISE-PIC versions 3.4 and 3.3, while the second affects only version 3.4.…
Canada says Salt Typhoon hacked telecom firm via Cisco flaw
The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. During the February 2025 incident, Salt Typhoon exploited the CVE-2023-20198 flaw, a critical Cisco IOS XE vulnerability allowing remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges. The flaw was first disclosed in…
Cisco eyes network security gains for agentic AI
Cisco has unveiled a raft of security-focused product updates as the networking giant delves further into agentic AI. Announced at the 2025 Cisco Live event in San Diego this week, the company said it is “fusing security capabilities deeper into its networking infrastructure” in a bid to alleviate AI-related security concerns for enterprise leaders and cyber professionals alike. These updates…
Cisco patches critical flaw affecting Identity Services Engine
Cisco has issued patches for three vulnerabilities affecting its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) services. The three flaws, tracked as CVE-2025-20286, CVE-2025-20130, and CVE-2025-20129, included a critical vulnerability with a rating of 9.9/10, which also included a public proof of concept exploit. Highest on the list of priorities for customers was CVE-2025-20286, which was detailed as a ‘static…
Cisco warns of ISE and CCP flaws with public exploit code
Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. The most severe of the three is a critical static credential vulnerability tracked as CVE-2025-20286, found by GMO Cybersecurity’s Kentaro Kawane in Cisco ISE. This identity-based policy enforcement software provides endpoint access control and network device…
Exploit details for max severity Cisco IOS XE flaw now public
Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. The write-up by Horizon3 researchers does not contain a ‘ready-to-run’ proof of concept RCE exploit script, but it does provide enough information for a skilled attacker or even an LLM to fill…
Cisco fixes max severity IOS XE flaw letting attackers hijack devices
Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers, caused by a hard-coded JSON Web Token (JWT), that allows an unauthenticated remote attacker to take over devices. This token is meant to authenticate requests to a feature called ‘Out-of-Band AP Image Download.’ Since it’s hard-coded, anyone can impersonate an authorized user without credentials. The vulnerability is…
96% of businesses have low cyber-readiness, claims Cisco
Businesses worldwide are still unprepared for a myriad of cyber attacks, according to the latest Cisco Cybersecurity Readiness Index. The networking specialist categorizes companies’ cyber readiness as Mature, Progressive, Formative, and Beginner based on what it considers to be the five most important pillars of cybersecurity for businesses today. These include: Identity Intelligence, Machine Trustworthiness, Network Resilience, Cloud Reinforcement, AI…
Cisco takes aim at AI security at RSAC with ServiceNow partnership
Cisco and ServiceNow have kicked off RSAC Conference 2025 in San Francisco by announcing a new aspect of their seven-year collaboration. It brings together the former’s AI Defense product with the latter’s SecOps, with the companies claiming the integration will provide “more holistic AI risk management and governance”. Speaking ahead of the announcement, Cisco’s EVP and chief product officer Jeetu…
Westcon-Comstor unveils new managed SOC solution for Cisco partners
Westcon-Comstor has announced the launch of a new managed security operations center (SOC) solution, available via its Cisco-focused Comstor arm. The solution is the first managed SOC offering launched by the distribution giant and the first to be powered by Cisco’s extended detection and response (XDR) capabilities. With the Managed XDR SOC, Comstor said partners across the EMEA region will…