Сisсо Сhаnnеl

Logicalis is first global partner to launch Cisco XDR as a Managed Service, offering advanced cyberattack visibility, AI automation, and threat intelligence.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)

Logicalis becomes the first global partner to launch Cisco XDR as a managed service 
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m11/logicalis-becomes-the-first-global-partner-to-launch-cisco-xdr-as-a-managed-service.html?source=rss

Listen up!

Cisco and the OECD launch the Digital Well-being Hub to holistically study technology's impact on well-being and shape inclusive digital policies.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)

Cisco and the OECD: Building the World's First Full Picture of Digital Well-being
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m11/cisco-oecd-digital-well-being.html?source=rss

Pass it on!

DONALD TRUMP IS THE 47TH PRESIDENT OF THE UNITED STATES!!!!!

Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Communications%20Manager%20IM%20&%20Presence%20Service%20Information%20Disclosure%20Vulnerability%26vs_k=1

A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n

Security Impact Rating: Medium


CVE: CVE-2024-20457

Cisco 7800, 8800, and 9800 Series Phones Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%207800,%208800,%20and%209800%20Series%20Phones%20Information%20Disclosure%20Vulnerability%26vs_k=1

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.
Note: Web Access is disabled by default.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG


Security Impact Rating: Medium


CVE: CVE-2024-20445

Cisco Identity Services Engine Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Vulnerabilities%26vs_k=1

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface, perform a path traversal attack, read and delete arbitrary files on an affected device, or conduct a server-side request forgery (SSRF) attack through the device.
For more information about these vulnerabilities, see the Details (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy?vs_f=Cisco Security Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco Identity Services Engine Vulnerabilities%26vs_k=1#details) section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy

Security Impact Rating: Medium


CVE: CVE-2024-20525,CVE-2024-20527,CVE-2024-20528,CVE-2024-20529,CVE-2024-20530,CVE-2024-20531,CVE-2024-20532

Cisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Authorization%20Bypass%20and%20Cross-Site%20Scripting%20Vulnerabilities%26vs_k=1

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to conduct an authorization bypass attack and cross-site scripting (XSS) attacks against a user of the web-based management interface on an affected device.
For more information about these vulnerabilities, see the Details (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE?vs_f=Cisco Security Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities%26vs_k=1#details) section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE

Security Impact Rating: Medium


CVE: CVE-2024-20537,CVE-2024-20538,CVE-2024-20539

Cisco Identity Services Engine Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Vulnerabilities%26vs_k=1

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to either bypass the authorization mechanisms or conduct a cross-site scripting (XSS) attack.
For more information about these vulnerabilities, see the Details (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5?vs_f=Cisco Security Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco Identity Services Engine Vulnerabilities%26vs_k=1#details) section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5

Security Impact Rating: Medium


CVE: CVE-2024-20476,CVE-2024-20487

Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%206800,%207800,%208800,%20and%209800%20Series%20Phones%20with%20Multiplatform%20Firmware%20Stored%20Cross-Site%20Scripting%20Vulnerabilities%26vs_k=1

Multiple vulnerabilities in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.
These vulnerabilities exist because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Note: To exploit these vulnerabilities, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF

Security Impact Rating: Medium


CVE: CVE-2024-20533,CVE-2024-20534