CYBER 101

  • Alerts
  • Blog
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Domains
  • FAQ
  • Incidents
  • Tutorials

Subscribe to our newsletter

FOLLOW US

No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
  • Jobs
  • Vendors
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
  • Jobs
  • Vendors
Get Help
CyberMaterial
Home Alerts

Old vulnerabilities in Cisco products actively exploited in the wild

December 19, 2022
Reading Time: 3 mins read
in Alerts

 

Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products.

The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software.

Below are the critical vulnerabilities being exploited in attacks in the wild:

  • CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the DHCP relay subsystem in IOS and IOS XE software. The vulnerability could be exploited by a remote and unauthenticated attacker that can execute arbitrary code and gain full control of the targeted system. The flaw could be also exploited to cause a denial-of-service (DoS) condition by triggering a buffer overflow via specially crafted DHCPv4 packets.
  • CVE-2018-0125 (CVSS score of 9.8) – A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
  • CVE-2018-0147 (CVSS score of 9.8) – The vulnerability is a Java deserialization issue that affects Cisco Access Control System (ACS) that can be exploited by an unauthenticated, remote attacker to execute arbitrary commands with root privileges on an affected device.
  • CVE-2018-0171 (CVSS score of 9.8) – The vulnerability affects the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software, it could be exploited by an unauthenticated, remote attacker to cause a reload of a vulnerable device or to execute arbitrary code on an affected device.
  • CVE-2021-1497 (CVSS score of 9.8) – The vulnerability is a Command Injection issue that resides in the web-based management interface of Cisco HyperFlex HX.

Organizations are recommended to review the Cisco’s advisories and apply security patches released by the company.

READ FULL ARTICLE

Tags: AlertsAlerts 2022CiscoDecember 2022Security AdvisoryUpdatesVulnerabilities
0
VIEWS
ADVERTISEMENT

Related Posts

Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping

Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping

February 6, 2023
FormBook Malware Spreads via Malvertising Using MalVirt Loader

FormBook Malware Spreads via Malvertising Using MalVirt Loader

February 6, 2023
OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

February 6, 2023
Dell security advisory (AV23-071)

Dell security advisory (AV23-071)

February 6, 2023

More Articles

Document

NIST Cryptographic Standards and Guidelines Development Process

May 26, 2022
Alerts

Fortinet security advisory (AV22-050)

February 2, 2022
Alerts

Oracle Releases April 2022 Critical Patch Update

April 19, 2022
Alerts

Microsoft Security Advisory (AV22-513)

September 13, 2022

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.