This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

Cisco Patches Vulnerabilities in Multiple Products (June 2021)

Thursday, June 17, 2021

Cisco has released software updates to fix high priority vulnerabilities in multiple products.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
US NCAS: Cisco Releases Security Updates for Multiple Products
Cisco Security Advisories

Cisco Patches Vulnerabilities in Multiple Products

Wednesday, May 19, 2021

Cisco has released software updates to fix high priority vulnerabilities in multiple products.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability
Cisco Modeling Labs Web UI Command Injection Vulnerability

Cisco Patches Critical Vulnerabilities in SD-WAN vManage and HyperFlex HX

Wednesday, May 5, 2021

Cisco has released software updates to fix critical vulnerabilities in Cisco SD-WAN vManage and the web interface for HyperFlex HX servers.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
Cisco SD-WAN vManage Software Vulnerabilities
Cisco HyperFlex HX Command Injection Vulnerabilities

F5 Patches Authentication Bypass Vulnerability in BIG-IP APM AD Auth

Wednesday, April 28, 2021

F5 announced patches for BIG-IP to fix a high priority authentication bypass vulnerability in APM AD auth.

An APM access policy configured with AD authentication and SSO (single sign-on) agent could be vulnerable to attacks where a spoofed credential can result in local administrator access.

System administrators are urged to update BIG-IP as soon as possible.

Important links:
BIG-IP APM AD authentication vulnerability CVE-2021-23008
BIG-IP update and upgrade guide
Frequently asked questions for upgrade and update videos

F5 Patches Critical Vulnerabilities in BIG-IP and BIG-IQ

Wednesday, March 10, 2021

F5 announced patches for BIG-IP and BIG-IQ to fix 4 critical vulnerabilities that can lead to complete system compromise.

Attackers are known to be exploiting these vulnerabilities in the wild, so system administrators are urged to update BIG-IP and BIG-IQ as soon as possible.

Read the full details here:
Overview of F5 vulnerabilities (March 2021)
BIG-IP update and upgrade guide
Upgrading ELA BIG-IP VE through BIG-IQ License manager
Frequently asked questions for upgrade and update videos

Cisco Patches Critical Vulnerability in NX-OS Software

Wednesday, February 24, 2021

Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode be updated immediately to avoid potential exploitation.

Read the full details here:
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability