Omar Santos
Distinguished Engineer
Cisco Product Security Incident Response Team (PSIRT) Security Research and Operations
Articles
Cisco PSIRT Notice About Public Exploitation of the Cisco ASA Web Services Denial of Service Vulnerability
1 min read
With the security of our customers' networks being a top priority, we're actively raising awareness of a vulnerability affecting Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software.
Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerabilit …
4 min read
On January 29, 2018, the Cisco PSIRT published a security advisory about a remote code execution and denial of service vulnerability affecting the Cisco ASA and Cisco Next-Generation Firewall platforms.
Perspective About the Recent WPA Vulnerabilities (KRACK Attacks)
9 min read
On October 16th,Mathy Vanhoef and Frank Piessens, from the University of Leuven, published a paper disclosing a series of vulnerabilities that affect the Wi-Fi Protected Access (WPA) and the...
CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 is Now Available
1 min read
I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the practices for structured machine-readable security vulnerability-related advisories. The CSAF TC is focusing […]
CVRF Version 1.2 Now Available for Public Comment
1 min read
A few months ago, I wrote about the new OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC). The purpose of the CSAF Technical Committee is to standardize the practices for structured machine-readable security vulnerability-related advisories. And then we will further refine those standards over time. The Common Vulnerability Reporting Framework (CVRF) Version 1.2, the […]
Urgent Proactive Customer Notification to Prevent ASA Outages
2 min read
On March 29, Cisco became aware of several customer outages involving different releases and models of Cisco ASA and Cisco Firepower Threat Defense (FTD) appliances. Cisco has published a Field Notice urging Cisco customers who are running specific releases of software to reboot their devices to prevent a device from hanging and stop passing traffic. The issue […]
The Wikileaks Vault 7 Leak – What We Know So Far
3 min read
UPDATE: March 17, 2017 Based on the “Vault 7” public disclosure, Cisco launched an investigation into the products that could potentially be impacted by these and similar exploits and vulnerabilities. As part of the internal investigation of our own products and the publicly available information, Cisco security researchers found a vulnerability in the Cluster Management […]
Keeping Up with Security Vulnerability Disclosures with the Cisco PSIRT openVuln API
3 min read
The Cisco PSIRT openVuln API is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as the Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and Assessment Language (OVAL), Common Vulnerability and Exposure (CVE) identifiers, Common Weakness Enumeration (CWE), and the Common Vulnerability Scoring System (CVSS). This API […]
Scoring Cisco Security Vulnerabilities with CVSSv3
1 min read
The Cisco Product Security Incident Response Team (PSIRT) is now scoring all security advisories addressing security vulnerabilities that affect Cisco products and multivendor vulnerability alerts using the Common Vulnerability Scoring System version 3 (CVSSv3). The stakeholders at the Forum of Incident Response and Security Teams (FIRST) have done a great job in this new version […]
4