serisec

Category: Cisco

  • Hackers Exploiting Cisco Firepower Devices’ Using n-day Vulnerabilities to Gain Unauthorized Access

    Hackers Exploiting Cisco Firepower Devices’ Using n-day Vulnerabilities to Gain Unauthorized Access State-sponsored threat actors are actively targeting Cisco Firepower devices by chaining known vulnerabilities to deploy a highly customized backdoor. Cisco Talos recently discovered that the espionage-focused threat group UAT-4356 is exploiting two n-day vulnerabilities, tracked as CVE-2025-20333 and CVE-2025-20362, to infiltrate Firepower Extensible…

  • Critical Cisco IMC Vulnerability Let Attackers Bypass Authentication

    Critical Cisco IMC Vulnerability Let Attackers Bypass Authentication Cisco has recently disclosed a critical security flaw affecting its Integrated Management Controller (IMC), prompting the release of urgent software updates. The vulnerability, officially tracked as CVE-2026-20093, has been assigned a critical Base CVSS score of 9.8, indicating the highest level of severity. This security weakness is…

  • Cisco Secure Firewall Management Vulnerability Allow Attackers to Bypass Authentication

    Cisco Secure Firewall Management Vulnerability Allow Attackers to Bypass Authentication Cisco has released a critical security advisory warning of a severe vulnerability in its Secure Firewall Management Center (FMC) Software. This flaw allows an unauthenticated, remote attacker to bypass authentication and execute script files, thereby gaining full root access to the underlying operating system. The…

  • Cisco Catalyst SD-WAN Vulnerabilities Allow Attackers to Gain Root Access

    Cisco Catalyst SD-WAN Vulnerabilities Allow Attackers to Gain Root Access An urgent security advisory from Cisco warns that multiple vulnerabilities in Cisco Catalyst SD-WAN Manager could allow attackers to bypass authentication, gain root access, and overwrite critical files. Two of these vulnerabilities are already being exploited in the wild by hackers, making immediate remediation critical.​…

  • Cisco Unified Intelligence Center Vulnerability Allows Remote Attackers to Upload Arbitrary Files

    Cisco Unified Intelligence Center Vulnerability Allows Remote Attackers to Upload Arbitrary Files A critical vulnerability in Cisco’s Unified Intelligence Center (CUIC) web-based management interface has been classified with high severity, allowing authenticated remote attackers with Report Designer privileges to upload arbitrary files to affected systems.  Tracked as CVE-2025-20274 and assigned a CVSS Base Score of…

  • Cisco Unified CM Vulnerability Allows Remote Attacker to Login As Root User

    Cisco Unified CM Vulnerability Allows Remote Attacker to Login As Root User A severe vulnerability in Cisco Unified Communications Manager (Unified CM) systems could allow remote attackers to gain root-level access to affected devices.  The vulnerability, designated CVE-2025-20309 with a maximum CVSS score of 10.0, affects Engineering Special releases and stems from hardcoded SSH credentials…

  • Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack

    Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack A critical security vulnerability affecting Cisco Meraki MX and Z Series devices could allow unauthenticated attackers to launch denial of service (DoS) attacks against AnyConnect VPN services.  The vulnerability, tracked as CVE-2025-20271 with a CVSS score of 8.6, was published on June 18, 2025, and…