11 matches found
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This...
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers...
CVE-2025-20128 ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisories and apply necessary updates: • Cisco...
Cisco Releases Security Updates for Multiple Products
Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and AP software. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service. CISA encourages users and administrators to review the following advisories and apply the necessary...
Vulnerability fixed in Cisco ASA and Firepower Threat Defense
Cisco has fixed a vulnerability in ASA and FTD. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service on the vulnerable system. The vulnerability is in the way ASA and FTD handle SSL/TLS traffic. Cisco has released updates to fix the vulnerability i...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measures, remote code execution...
Vulnerability fixed in Brocade Fabric OS
A vulnerability has been fixed in Brocade Fabric OS. There is at least one account with hardcoded credentials where the administrator is not forced to change the password by default. With the new versions of Fabric OS, this is now mandatory. Cisco has released updates to fix the...
Vulnerability fixed in Snort
A vulnerability has been fixed in Snort. The vulnerability allows an unauthenticated, remote malicious person to bypass a security measure. Cisco has released updates to fix the vulnerability. More information can be found on the page below: https://tools.cisco.com/security/center/conte...
Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability
A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a Performance Routing Engine (PRE) crash on a targeted system, resulting in a denial of service (DoS) condition. The vulnerability is due to a race condition that may cause a...
Cisco IOS Software Autonomic Networking Infrastructure Overwrite Vulnerability
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS software could allow an unauthenticated, remote attacker to overwrite some configuration values received via ANI. The vulnerability is due to insufficient validation of received Autonomic Networking (AN) messages. A...