Сisсо Сhаnnеl

🤙Cisco community channel and group: @Cisco @CiscoChat 💥Other Cisco related Channels and groups: @ciscoAcademy @spotociscoclub Qubes OS Community Channel and group: @QubesOS @QubesChat Off topic chats: @PublicChatrooms @PublicTestGroup Games: @hamstEr_kombat_bot @CatizenBot Other Channels: @telemojis @TheTGTimes ▪️▫️▪️▫️▪️▫️▪️▫️▪️▫️▪️ Join @Net3A for more channels and groups.

Nataliia Nahach explains how Cisco’s TOP program offered a transformative experience. More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)

A Journey of Resilience and New Beginnings https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m09/a-journey-of-resilience-and-new-beginnings.html?source=rss

Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416&vs_f=Cisco%20Event%20Responses%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Event%20Response:%20September%202024%20Semiannual%20Cisco%20IOS%20XR%20Software%20Security%20Advisory%20Bundled%20Publication%26vs_k=1

Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XR%20Software%20Network%20Convergence%20System%20Denial%20of%20Service%20Vulnerability%26vs_k=1 A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the Details (#details) section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416). Security Impact Rating: High CVE: CVE-2024-20317

Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Multiple%20Cisco%20Products%20Web-Based%20Management%20Interface%20Privilege%20Escalation%20Vulnerability%26vs_k=1 A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager, and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp Security Impact Rating: High CVE: CVE-2024-20381