Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models. The company identified this highest-level vulnerability in its products while analyzing "Vault 7", a collection of roughly 8,761 documents and files leaked by Wikileaks last week.
The vulnerability resides in the CMP processing code in Cisco IOS and Cisco IOS XE Software. If exploited, the flaw could allow an unauthenticated, remote attacker to cause a reboot of an affected device or remotely execute malicious code on the device with elevated privileges to take full control of the device.
Users of Cisco's Professional Careers mobile site, mjobs.cisco.com, have been warned of a potential leak of their data, which the networking giant is pinning on an incorrect security setting.
"Cisco's investigation found this to be the result of an incorrect security setting following system maintenance on a third-party's website," the company said in its advisory. "Upon learning this, the setting was immediately corrected and user passwords to the site were reset." The setting was found to be in place between August and September 2015, and July and August 2016, the company said.
Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA's hacking exploits and implants leaked by the group calling itself "The Shadow Brokers."
Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA's Equation Group, which were designed to target major vendors including Cisco, Juniper, and Fortinet. Cisco analyzed the exploit and noted that it had not identified any new flaws related to this exploit in its current products.
Cisco’s chief executive has written to President Barack Obama warning of a collapse of trust in US technology after evidence emerged showing the National Security Agency breaking into his company’s equipment.
In a letter John Chambers called for “standards of conduct” to rein in government surveillance so that national security objectives do not interfere with the US’s leading position in the global technology market. The letter was dated the day after pictures circulated on the internet showing NSA staff opening boxes of Cisco gear so that the US security agency can monitor internet traffic after the equipment has been shipped to customers. Mr Chambers complained that the NSA actions would undermine confidence among customers of US technology firms.