Historically, threat actors have targeted network devices to create disruption through a denial of service (DoS) situation. While this remains the most common type of attack on network devices, we continue to see advances that focus on further compromising the victim’s infrastructure. Recently, the Cisco Product Security Incident Response Team (PSIRT) has alerted customers around […]
We are now more than one year on from the release of HeartBleed, the first major vulnerability disclosed in widely used third-party code. This is an excellent point in time to look back at what Cisco and our customers have achieved since, including how the Cisco Product Security Incident Response Team (PSIRT) has evolved to […]
On April 13th, 2015, Cisco PSIRT was made aware of multiple instances of customer disruption in a specific region caused by a denial of service attack against Cisco devices. We responded quickly to support speedy restoration for our customers. Our ongoing investigation has shown that the storage of some Cisco devices was erased, removing both […]
Today, we released the first ever Cisco IOS Software and IOS XE Software Security Advisory Bundled Publication. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year). In direct response to your feedback, we have also included a Cisco Security Advisory addressing vulnerabilities […]
This blog post was authored by Troy Fridley and Omar Santos of Cisco PSIRT. On Mar 9 2015, the Project Zero team at Google revealed findings from new research related to the known issue in the DDR3 Memory specification referred to as “Row Hammer”. Row Hammer is an industry-wide issue that has been discussed publicly […]
Cisco PSIRT is aware of public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability identified by Cisco bug ID CSCup36829 (registered customers only) and CVE ID CVE-2014-3393. This vulnerability was disclosed on the 8th of October 2014 in the Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software. All customers that have customizations […]
Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan and help […]
The Cisco IOS Software Security Advisory Bundled Publication will go live in seven days and this time we will have an important update to the Cisco IOS Software Checker to go along with it. As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the […]
Ed Paradise, Vice President of Engineering for Cisco’s Threat Response, Intelligence and Development Group Much has been made of the industry-wide Heartbleed vulnerability and its potential exploitation. Cisco was among the first companies to release a customer Security Advisory when the vulnerability became public, and is now one of many offering mitigation advice. Those dealing […]
