|
|
Dernières alertes de sécurité
Reports about Cyber Actors Hiding in Router Firmware
> date : 2023-09-27 18:19:00
> lien :
https://sec.cloudapps.cisco.com/security/center/content/Cisc...
On September 27, 2023, the U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released a joint cybersecurity advisory (CSA) detailing activities of the cyber actors known as BlackTech.
For a description of this report, see People's Republic of China-Linked Cyber Actors Hide in Router Firmware.
Cisco has reviewed the report. Cisco would like to highlight the following key facts:
The most prevalent initial access vector in these attacks involves stolen or weak administrative credentials. As outlined in the report, certain configuration changes, such as disabling l [...]
Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability
> date : 2023-09-27 16:00:00
> lien :
https://sec.cloudapps.cisco.com/security/center/content/Cisc...
A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.
This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Th [...]
Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability
> date : 2023-09-27 16:00:00
> lien :
https://sec.cloudapps.cisco.com/security/center/content/Cisc...
A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco [...]
Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability
> date : 2023-09-27 16:00:00
> lien :
https://sec.cloudapps.cisco.com/security/center/content/Cisc...
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com [...]
|
page précédente |
page 3 |
page suivante |
|
|
Reports about Cyber Actors Hiding in Router Firmware
Sécurité
Classement
