CyberAlerts

Description: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort

Source: Cisco Talos Blog

February 14th, 2025 (2 months ago)

Salt Typhoon Exploits Cisco Devices in Telco Infrastructure

Description: The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months.

Source: Dark Reading

February 14th, 2025 (2 months ago)

Chinese hackers breach more US telecoms via unpatched Cisco routers

Description: China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. [...]

Source: BleepingComputer

February 14th, 2025 (2 months ago)

More victims of China's Salt Typhoon crew emerge – Telcos, unis hit via Cisco bugs

Source: TheRegister

February 13th, 2025 (2 months ago)

Critical Cisco ISE bug can let attackers run commands as root

Description: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root. [...]

Source: BleepingComputer

February 6th, 2025 (2 months ago)

Google Cloud Platform Data Destruction via Cloud Build

Description: A technical overview of Cisco Talos' investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family.

Source: Cisco Talos Blog

February 6th, 2025 (2 months ago)

CVE-2025-20207

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability

Description: A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system. This vulnerability exists because the appliances do not protect confidential information at rest in response to SNMP poll requests. An attacker could exploit this vulnerability by sending a crafted SNMP poll request to the affected appliance. A successful exploit could allow the attacker to discover confidential information that should be restricted. To exploit this vulnerability, an attacker must have the configured SNMP credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-snmp-inf-FqPvL8sX Security Impact Rating: Medium CVE: CVE-2025-20207

EPSS Score: 0.05%

Source: Cisco Security Advisory

February 5th, 2025 (2 months ago)

CVE-2025-20180

Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability

Description: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-xss-WCk2WcuG Security Impact Rating: Medium CVE: CVE-2025-20180

EPSS Score: 0.05%

Source: Cisco Security Advisory

February 5th, 2025 (2 months ago)

CVE-2025-20124

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities

Description: Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. Note: To exploit these vulnerabilities, the attacker must have valid read-only administrative credentials. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF Security Impact Rating: Critical CVE: CVE-2025-20124,CVE-2025-20125

EPSS Score: 0.05%

Source: Cisco Security Advisory

February 5th, 2025 (2 months ago)

CVE-2025-20204

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Description: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG Security Impact Rating: Medium CVE: CVE-2025-20204,CVE-2025-20205

EPSS Score: 0.05%

Source: Cisco Security Advisory

February 5th, 2025 (2 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	ClearML and Nvidia vulns Description: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort Source: Cisco Talos Blog February 14th, 2025 (2 months ago)
	Salt Typhoon Exploits Cisco Devices in Telco Infrastructure Description: The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months. Source: Dark Reading February 14th, 2025 (2 months ago)
	Chinese hackers breach more US telecoms via unpatched Cisco routers Description: China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. [...] Source: BleepingComputer February 14th, 2025 (2 months ago)
	More victims of China's Salt Typhoon crew emerge – Telcos, unis hit via Cisco bugs Source: TheRegister February 13th, 2025 (2 months ago)
	Critical Cisco ISE bug can let attackers run commands as root Description: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root. [...] Source: BleepingComputer February 6th, 2025 (2 months ago)
	Google Cloud Platform Data Destruction via Cloud Build Description: A technical overview of Cisco Talos' investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family. Source: Cisco Talos Blog February 6th, 2025 (2 months ago)
CVE-2025-20207	Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability Description: A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system. This vulnerability exists because the appliances do not protect confidential information at rest in response to SNMP poll requests. An attacker could exploit this vulnerability by sending a crafted SNMP poll request to the affected appliance. A successful exploit could allow the attacker to discover confidential information that should be restricted. To exploit this vulnerability, an attacker must have the configured SNMP credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-snmp-inf-FqPvL8sX Security Impact Rating: Medium CVE: CVE-2025-20207 EPSS Score: 0.05% Source: Cisco Security Advisory February 5th, 2025 (2 months ago)
CVE-2025-20180	Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability Description: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-xss-WCk2WcuG Security Impact Rating: Medium CVE: CVE-2025-20180 EPSS Score: 0.05% Source: Cisco Security Advisory February 5th, 2025 (2 months ago)
CVE-2025-20124	Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities Description: Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. Note: To exploit these vulnerabilities, the attacker must have valid read-only administrative credentials. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF Security Impact Rating: Critical CVE: CVE-2025-20124,CVE-2025-20125 EPSS Score: 0.05% Source: Cisco Security Advisory February 5th, 2025 (2 months ago)
CVE-2025-20204	Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities Description: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG Security Impact Rating: Medium CVE: CVE-2025-20204,CVE-2025-20205 EPSS Score: 0.05% Source: Cisco Security Advisory February 5th, 2025 (2 months ago)