Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Cisco Webex for BroadWorks Credential Exposure Vulnerability
Description: A low-severity vulnerability in Cisco Webex for BroadWorks Release 45.2 could allow an unauthenticated, remote attacker to access data and credentials if unsecure transport is configured for the SIP communication. This vulnerability is due to the exposure of sensitive information in the SIP headers. A related issue could allow an authenticated user to access credentials in plain text in the client and server logs.  A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user. A configuration change to fix this vulnerability and the related issue has been pushed to Cisco Webex for BroadWorks. Cisco recommends that customers restart their Cisco Webex application to apply the configuration changes. There is a workaround that addresses this vulnerability and the related issue. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-credexp-xMN85y6 Security Impact Rating: Informational
Source: Cisco Security Advisory
March 4th, 2025 (about 2 months ago)
CISA tags Windows, Cisco vulnerabilities as actively exploited
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. [...]
Source: BleepingComputer
March 3rd, 2025 (about 2 months ago)
Cisco's SnapAttack Deal Expands Splunk's Capabilities
Description: The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting.
Source: Dark Reading
March 3rd, 2025 (about 2 months ago)

CVE-2025-1868
Exposición de información en múltiples productos de Famatech Corp
Description: Information display on multiple products from Famatech Corp Mon, 03/03/2025 - 11:08 Aviso Affected Resources Advanced IP Scanner: versions 2.5.4594.1 and earlier.Advanced Port Scanner: versions 2.5.3869 and earlier. Description INCIBE has coordinated the publication of a medium severity vulnerability affecting Advanced IP Scanner and Advanced Port Scanner, a free network scanner, which has been discovered by Francisco Javier Medina Munuera, Pedro Gabaldón Juliá, Alejandro Baño Andrés and Antonio José Gálvez Sánchez.This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:CVE-2025-1868: CVSS v4.0: 6.9 | CVSS AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-200 Identificador INCIBE-2025-112 3 - Medium Solution The vulnerability has not yet been fixed, but the Famatech Corp team is working on it. Detail CVE-2025-1868: vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by intercepting network traffic to a legitimate server or by setting up a fake server, in both local and remote scen...

EPSS Score: 0.02%

Source: Incibe CERT
March 3rd, 2025 (about 2 months ago)

CVE-2025-20111
Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics Denial of Service Vulnerability
Description: A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k-healthdos-eOqSWK4g This advisory is part of the February 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. Security Impact Rating: High CVE: CVE-2025-20111

EPSS Score: 0.04%

Source: Cisco Security Advisory
February 26th, 2025 (about 2 months ago)

CVE-2025-20161
Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability
Description: A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.  Note: Administrators should validate the hash of any software image before installation. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ici-dpOjbWxk This advisory is part of the February 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. Security Impact Rating: Medium CVE: CVE-2025-20161

EPSS Score: 0.23%

Source: Cisco Security Advisory
February 26th, 2025 (about 2 months ago)

CVE-2025-20116
Cisco Application Policy Infrastructure Controller Vulnerabilities
Description: Multiple vulnerabilities in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated attacker to access sensitive information, execute arbitrary commands, cause a denial of service (DoS) condition, or perform cross-site scripting (XSS) attacks. To exploit these vulnerabilities, the attacker must have valid administrative credentials. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5 Security Impact Rating: Medium CVE: CVE-2025-20116,CVE-2025-20117,CVE-2025-20118,CVE-2025-20119

EPSS Score: 0.03%

Source: Cisco Security Advisory
February 26th, 2025 (about 2 months ago)

CVE-2018-0171
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
Description: Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. "The threat actor then demonstrated their ability to persist in target environments across equipment from multiple
Source: TheHackerNews
February 21st, 2025 (about 2 months ago)
Weathering the storm: In the midst of a Typhoon
Description: Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.
Source: Cisco Talos Blog
February 20th, 2025 (about 2 months ago)

CVE-2025-20153
Cisco Secure Email Gateway Email Filter Bypass Vulnerability
Description: A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.   This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw Security Impact Rating: Medium CVE: CVE-2025-20153

EPSS Score: 0.03%

Source: Cisco Security Advisory
February 19th, 2025 (about 2 months ago)