Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.8 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in the Geolocation-Based Remote Access VPN feature of Cisco Secure Firewall Threat Defense Software. This flaw allows unauthenticated attackers to bypass security policies, potentially granting unauthorized access to restricted networks. No workarounds are available, and software updates are necessary to mitigate the risk.

What happened 🕵️‍♂️

A vulnerability in Cisco Secure Firewall Threat Defense (FTD) Software’s Geolocation-Based Remote Access (RA) VPN feature could enable an unauthenticated, remote attacker to bypass configured policies that control HTTP connections based on geographical location. The issue arises from incomplete URL parsing, which an attacker could exploit by sending crafted HTTP connections. Successful exploitation could lead to unauthorized access to networks that should otherwise be protected.

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 3100 and 4200 Series TLS 1.3 Cipher Denial of Service Vulnerability

🚨 SEVERITY: HIGH — CVSS 7.7 Security Advisory

TL;DR 📌

A vulnerability in the TLS 1.3 implementation for Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Software on Firepower 3100 and 4200 Series devices could allow an authenticated remote attacker to cause a denial of service (DoS) condition. This affects the device’s ability to accept new SSL/TLS or VPN requests. Cisco has released software updates to address this issue, and there are workarounds available.

Cisco Catalyst Center Unauthenticated API Access Vulnerability

🚨 SEVERITY: HIGH — CVSS 7.3 Security Advisory

TL;DR 📌

A high-severity vulnerability has been identified in the Cisco Catalyst Center, allowing unauthenticated remote attackers to read and modify proxy configuration settings via an unprotected API endpoint. This could disrupt internet traffic or allow interception of outbound traffic. Users are advised to upgrade to fixed software version 2.3.7.9 or later.

What happened 🕵️‍♂️

A vulnerability in the management API of Cisco Catalyst Center (formerly Cisco DNA Center) has been discovered. This issue stems from a lack of authentication on an API endpoint, enabling unauthenticated remote attackers to send requests that could read or modify the outgoing proxy configuration. Such exploitation could disrupt internet traffic or allow attackers to intercept outbound traffic.

Cisco Webex Meeting Client Join Certificate Validation Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.4 Security Advisory

TL;DR 📌

A medium-severity vulnerability in the Cisco Webex Meeting Client could allow an unauthenticated attacker on a local network to join meetings as another user. Cisco has addressed this issue, and no user action is required.

What happened 🕵️‍♂️

A vulnerability was identified in the meeting-join functionality of Cisco Webex Meetings. This flaw could permit an unauthenticated, network-proximate attacker to impersonate a legitimate user during the meeting-join process. The vulnerability arises from issues with client certificate validation, allowing an attacker to intercept and complete a meeting-join flow if they are positioned on a local or adjacent network. Cisco has confirmed that there is no known malicious exploitation of this vulnerability.

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

🚨 SEVERITY: MEDIUM — CVSS 5.4 Security Advisory

TL;DR 📌

Multiple stored cross-site scripting (XSS) vulnerabilities have been identified in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). These vulnerabilities could allow authenticated attackers to modify configurations or execute malicious scripts. Software updates are available to address these issues, but no workarounds exist.

What happened 🕵️‍♂️

Cisco has disclosed multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). These vulnerabilities could allow an authenticated, remote attacker to conduct stored XSS attacks or modify device configurations. The vulnerabilities stem from insufficient validation of user input and lack of server-side validation of administrator permissions.

Cisco Catalyst Center Insufficient Access Control Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 4.7 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in Cisco Catalyst Center, allowing authenticated remote attackers to read and modify data due to insufficient access control on HTTP requests. No workarounds are available, and affected users are advised to upgrade to fixed software versions.

What happened 🕵️‍♂️

Cisco has disclosed a vulnerability in the Cisco Catalyst Center, formerly known as Cisco DNA Center. This flaw stems from insufficient enforcement of access control on HTTP requests, enabling an authenticated remote attacker to exploit the vulnerability by sending a crafted HTTP request. A successful exploit could allow attackers to read and modify data managed by an internal service on the affected device.

Cisco Catalyst SD-WAN Manager Arbitrary File Creation Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.5 Security Advisory

TL;DR 📌

Cisco published a security advisory. See the Fixed software table below for the version you should upgrade to.

What happened 🕵️‍♂️

A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system.

This vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected system. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the affected system.

Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.5 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in the Cisco Catalyst SD-WAN Manager, allowing authenticated local attackers to overwrite arbitrary files on the device. Immediate software updates are recommended as there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the command-line interface (CLI) of the Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage) could allow an authenticated local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability arises from improper access controls on files in the local file system. An attacker with valid read-only credentials can exploit this by executing crafted commands, potentially gaining root user privileges.

Cisco Catalyst SD-WAN Manager Certificate Validation Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.9 Security Advisory

TL;DR 📌

A vulnerability in the Cisco Catalyst SD-WAN Manager could allow an unauthenticated remote attacker to access sensitive information due to improper certificate validation. Cisco has released updates to address this issue, but there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability has been identified in the certificate validation processing of Cisco Catalyst SD-WAN Manager, previously known as Cisco SD-WAN vManage. This flaw could enable an unauthenticated remote attacker to exploit improper validation of certificates used by the Smart Licensing feature. By intercepting traffic sent over the Internet, an attacker could potentially gain access to sensitive information, including device credentials for connecting to Cisco cloud services.

Cisco Duo Self-Service Portal Command Injection Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.4 Security Advisory

TL;DR 📌

A command injection vulnerability has been identified in the Cisco Duo Self-Service Portal, allowing unauthenticated remote attackers to inject arbitrary commands into emails sent by the service. Cisco has addressed this issue, and no customer action is necessary.

What happened 🕵️‍♂️

A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails sent by the service. This is due to insufficient input validation. A successful exploit could enable attackers to send emails containing malicious content to unsuspecting users.
