Saturday, December 16, 2017

Cisco Patches Critical Playback Bugs in WebEx Players

A Cisco Systems security advisory is urges users of its WebEx platform to patch six vulnerabilities that could allow attackers to execute remote code.

RAT Distributed Via Google Drive Targets East Asia

Researchers say a new remote access Trojan dubbed UBoatRAT is targeting individuals or organizations linked to South Korea or video games industry.

Cisco WebEx Network Recording Player Denial of Service Vulnerability

A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition.

An attacker could exploit this vulnerability by providing a user with a malicious W...

Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability

A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal securi...

Cisco NX-OS System Software Patch Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches....

Cisco NX-OS System Software Patch Installation Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.

An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due ...

Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format...

Multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF...

Cisco IP Phone 8800 Series Denial of Service Vulnerability

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts.

All...

Cisco WebEx Meeting Center URL Redirection Vulnerability

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts. The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Ce...

Cisco Jabber Clients Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management inter...

Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command.

An attacker could...

Cisco Jabber Information Disclosure Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client.

An attacker could exploit this vulnerability to gain information to conduct additional attacks....