by Chris Brook December 9, 2015
Cisco is warning users this week that several of its products — routers, gateways, and data center platforms — suffer from vulnerabilities.
The company published five advisories across Monday and Tuesday warning of the issues — all which are being marked “medium” severity.
While they all sound pressing, the most concerning vulnerability, at least as far as CVSS scores go, is an access vulnerability (6.5) in the web interface of its Prime Service Catalog.
Full Article
Did I read this correct;ly? No updates or work arounds because no body is using this vulnerability?
"but also adds that it’s not aware of anyone leveraging the vulnerabilities to carry out malicious attacks on systems."@ wrote:
Did I read this correct;ly? No updates or work arounds because no body is using this vulnerability?
Nobody is actually using the vulnerabilities to carry out attacks, well not yet anyway.
Userlevel 7
Does not make sense?? Marked medium severity, and nothing is being done to plug the exploit??
Huge number of vulnerable products
10 Dec 2015 at 02:56, Richard Chirgwin
November's high-profile Java deserialisation bug has bitten Cisco, with the company announcing vulnerabilities across the board in its huge product line.
The problem is so pervasive that it reaches into the most trivial activities of the sysadmin, such as serial number assessment services.
The original advisory made by FoxGlove Security focussed on the Apache Commons Collections (ACCs), but a few days ago, SourceClear warned that it appeared in a lot more libraries than originally believed.
Full Article
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.