Cisco News and Vulnerabilities
This channel is not official
Boost the channel!!
https://t.me/Cisco?boost
More:
@PopPolls
@QubesOS 💻
@CiscoChat
@Net3A
t.me/Cisco/22556
@cisco is a dedicated channel for boost and more with regular updates in Кибербезопасность
Пока нет отзывов. Будьте первым, кто поделится своим опытом!
Последние посты
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
Cisco Secure AI Factory with NVIDIA Makes AI Easier to Deploy and Secure, Anywhere Organizations Need It
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/cisco-secure-ai-factory-with-nvidia-GTC-2026.html?source=rss
551
0
0
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
📷 Photo
564
0
0
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
Expanded Cisco Secure AI Factory with NVIDIA gives customers a framework for deploying AI infrastructure – from central data center to local sites.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html ( https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
596
0
0
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
Rebuilding the foundation: Why AI infrastructure needs to change
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/rebuilding-the-foundation-why-ai-infrastructure-needs-to-change.html?source=rss
471
0
0
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
📷 Photo
872
0
0
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
Learn how Cisco is enabling customers to meet the demands of AI and cloud neworking through innovative optical and optics technologies.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html ( https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
944
0
0
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
Cisco Secure AI Factory: powering agentic AI at scale
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/cisco-secure-ai-factory-powering-agentic-ai-at-scale.html?source=rss
494
0
0
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
📷 Photo
518
0
0
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
Cisco’s integrated tech stack—from silicon to software—powers secure, scalable enterprise AI adoption.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html ( https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
546
0
0
Сisсо Сhаnnеl
20 мар. 2026 г., 03:38
Cisco introduces optical innovations to power the backbone for AI networking
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/cisco-introduces-optical-innovations-to-power-the-backbone-for-ai-networking.html?source=rss
812
0
0
Сisсо Сhаnnеl
19 мар. 2026 г., 11:53
Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoIOSXREgressPacketNetworkInterfaceAlignerInterruptDenialofServiceVulnerability&vs_k=1
A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processing unit (NPU) and ASIC to stop processing, preventing traffic from traversing the interface.
This vulnerability is due to the corruption of packets in specific cases when an EPNI Aligner interrupt is triggered while an affected device is experiencing heavy transit traffic. An attacker could exploit this vulnerability by sending a continuous flow of crafted packets to an interface of the affected device. A successful exploit could allow the attacker to cause persistent, heavy packet loss, resulting in a denial of service (DoS) condition.
Note: If active exploitation of this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider.
Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates. This change was made because the affected device operates within a critical network segment where compromise could lead to significant disruption or exposure, thereby elevating the overall risk beyond the base technical severity.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
This advisory is part of the March 2026 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ( https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75772).
Security Impact Rating: High
CVE: CVE-2026-20118
Сisсо Сhаnnеl
19 мар. 2026 г., 11:53
Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=MultipleCiscoContactCenterProductsCross-SiteScriptingVulnerabilities&vs_k=1
Multiple vulnerabilities in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
These vulnerabilities exist because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh
Security Impact Rating: Medium
CVE: CVE-2026-20116,CVE-2026-20117
387
Сisсо Сhаnnеl
19 мар. 2026 г., 11:53
Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoIOSXRSoftwareCLIPrivilegeEscalationVulnerabilities&vs_k=1
Multiple vulnerabilities in Cisco IOS XR Software could allow an authenticated, local attacker to execute commands as root on an underlying operating system or gain full administrative control of an affected device.
For more information about these vulnerabilities, see the Details ( https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoIOSXRSoftwareCLIPrivilegeEscalationVulnerabilities&vs_k=1#details) section of this advisory.
Cisco has released software updates that address these vulnerabilities. A workaround is available for one of the vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
This advisory is part of the March 2026 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ( https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75772).
Security Impact Rating: High
CVE: CVE-2026-20040,CVE-2026-20046
461
Сisсо Сhаnnеl
19 мар. 2026 г., 11:53
Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoIOSXRSoftwareMulti-InstanceIntermediateSystem-to-IntermediateSystemDenialofServiceVulnerability&vs_k=1
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly.
This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition.
Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
This advisory is part of the March 2026 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ( https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75772).
Security Impact Rating: High
CVE: CVE-2026-20074
Supporting women — and wellness — in cybersecurity
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/supporting-women-and-wellness-in-cybersecurity.html?source=rss
847
0
0
Сisсо Сhаnnеl
18 мар. 2026 г., 02:30
📷 Photo
904
0
0
Сisсо Сhаnnеl
18 мар. 2026 г., 02:30
When Jothi Dugar isn’t battling cybercriminals, she’s helping people be their best, most authentic selves in the workplace.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html ( https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
977
0
0
Сisсо Сhаnnеl
16 мар. 2026 г., 00:07
On Employee Appreciation Day, Corey Cooper reflects on 30 years of family history and Cisco’s rise to global tech leadership.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html ( https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
1,280
0
0
Сisсо Сhаnnеl
16 мар. 2026 г., 00:07
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua Code Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-luainject-VescqgmS?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoSecureFirewallAdaptiveSecurityApplianceandSecureFirewallThreatDefenseSoftwareLuaCodeInjectionVulnerability&vs_k=1
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root.
This vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-luainject-VescqgmS
This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication ( https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75736).
Security Impact Rating: Medium
CVE: CVE-2026-20008
Сisсо Сhаnnеl
16 мар. 2026 г., 00:07
For This Father-Son Duo, Cisco Is Family
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/for-this-father-son-duo-cisco-is-family.html?source=rss
1,040
0
0
Сisсо Сhаnnеl
16 мар. 2026 г., 00:07
📷 Photo
1,140
0
0
Сisсо Сhаnnеl
16 мар. 2026 г., 00:07
Cisco Secure Firewall Threat Defense Software TLS with Snort 3 Detection Engine Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-rHfqnwRg?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoSecureFirewallThreatDefenseSoftwareTLSwithSnort3DetectionEngineDenialofServiceVulnerability&vs_k=1
A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper implementation of the TLS protocol. An attacker could exploit this vulnerability by sending a crafted TLS packet to an affected system. A successful exploit could allow the attacker to cause a device that is running Cisco Secure FTD Software to drop network traffic, resulting in a DoS condition.
Note: TLS 1.3 is not affected by this vulnerability.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-rHfqnwRg
This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication ( https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75736).
Security Impact Rating: Medium
CVE: CVE-2026-20006
Сisсо Сhаnnеl
16 мар. 2026 г., 00:07
Cisco Secure Firewall Threat Defense Software Snort Deep Inspection Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort-bypass-rLggKzVF?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoSecureFirewallThreatDefenseSoftwareSnortDeepInspectionBypassVulnerability&vs_k=1
A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rules and allow traffic onto the network that should have been dropped.
This vulnerability is due to a logic error in the integration of the Snort Engine rules with Cisco Secure FTD Software that could allow different Snort rules to be hit when deep inspection of the packet is performed for the inner and outer connections. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device that would hit configured Snort rules. A successful exploit could allow the attacker to send traffic to a network where it should have been denied.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort-bypass-rLggKzVF
This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication ( https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75736).
Security Impact Rating: Medium
CVE: CVE-2026-20007
Сisсо Сhаnnеl
11 мар. 2026 г., 09:50
Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-FCvLD6vR?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoSecureFirewallAdaptiveSecurityApplianceSoftwareTCPFloodDenialofServiceVulnerability&vs_k=1
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly.
This vulnerability is due to improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sending a crafted stream of traffic to an affected device. A successful exploit could allow the attacker to prevent all incoming TCP connections to the device from being established, including remote management access, Remote Access VPN (RAVPN) connections, and all network protocols that are TCP-based. This results in a denial of service (DoS) condition for affected features.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-FCvLD6vR
This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication ( https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75736).
Security Impact Rating: High
CVE: CVE-2026-20082
Сisсо Сhаnnеl
11 мар. 2026 г., 09:50
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-SpOFF2Re?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoSecureFirewallAdaptiveSecurityApplianceandSecureFirewallThreatDefenseSoftwareVPNWebServerDenialofServiceVulnerability&vs_k=1
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to ineffective memory management of the VPN web server. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-SpOFF2Re
This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication ( https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75736).
Security Impact Rating: High
CVE: CVE-2026-20039
Сisсо Сhаnnеl
11 мар. 2026 г., 09:50
Cisco Secure Firewall Adaptive Security Appliance Software Multiple Context Mode SCP Unauthorized File Access Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-scpcxt-filecpy-rgeP73nE?vs_f=CiscoSecurityAdvisory&vs_cat=SecurityIntelligence&vs_type=RSS&vs_p=CiscoSecureFirewallAdaptiveSecurityApplianceSoftwareMultipleContextModeSCPUnauthorizedFileAccessVulnerability&vs_k=1
A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files.
This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the Cisco SSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services that pertain to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context.
Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-scpcxt-filecpy-rgeP73nE
This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication ( https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75736).
Security Impact Rating: High
CVE: CVE-2026-20062
