FISA

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as  CVE-2023-20101  (CVSS score: 9.8), is due to the presence of static user credentials for the root account that the company said is usually reserved for use during development. "An attacker could exploit this vulnerability by using the account to log in to an affected system," Cisco said in an advisory. "A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user." The issue impacts Cisco Emergency Responder Release 12.5(1)SU4 and has been addressed in version 12.5(1)SU5. Other releases of the product are not impacted. The networking equipment major said it discovered the problem during internal security testing and that it's not aware of any malicious use of the vulne

 Cisco releases fixes for a critical-severity vulnerability in Expressway series and TelePresence Video Communication Server (VCS). Cisco on Wednesday announced patches for a critical vulnerability in its Expressway series and TelePresence Video Communication Server (VCS) enterprise collaboration and video communication solutions. Tracked as CVE-2023-20105 (CVSS score of 9.6), the vulnerability allows an administrator with ‘read-only’ rights to elevate their privileges to ‘read-write’. The issue exists because password change requests are not handled properly, allowing an attacker authenticated as a ‘read-only’ administrator to send a crafted request to change the password for any user account on the system, including that of a ‘read-write’ administrator, and then impersonate them. Cisco Expressway series and TelePresence VCS deployments that have granted CLI access to a read-only administrator are also vulnerable to CVE-2023-20192, a high-severity vulnerability also leading to escalat

 What is Radware’s DDoS Mitigation Solution? Radware’s DDoS Mitigation solution for Cisco Firepower NGFW appliance detects all DDoS attacks and mitigates them in seconds – all without blocking legitimate user traffic. It protects network infrastructure and data centers against network and application downtime (or slow time), network anomalies and network and application scanning. Radware DDoS Mitigation helps service providers win the ongoing security battle against availability attacks by detecting and mitigating known and zero-day DoS/DDoS attacks in real-time. It protects against other security threats that go undetected by traditional DDoS mitigation tools that rely on rate-based threshold for detection. Radware’s DDoS Mitigation provides full protection against the DoS/DDoS threat with the shortest mitigation time and broadest possible attack coverage. Radware provides a hybrid solution that combines on premise and cloud-based mitigation tools in a single integrated solution that