Tracked as CVE-2025-20333 (CVSS score of 9.9) and CVE-2025-20362 (CVSS score of 6.5), the bugs impact the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software. The issues, Cisco explains, exist because user-supplied input in HTTP(S) requests is not properly validated, allowing a remote attacker to send crafted requests and execute arbitrary code with root privileges or access a restricted URL without authentication.
The Cybersecurity and Infrastructure Security Agency (CISA) is ordering federal agencies to patch Cisco devices that have been exploited by an advanced hacker group, it said in a Thursday alert. The hacking activity targeting the devices "is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution" on various Cisco Adaptive Security Appliances, CISA said. A "zero-day" refers to a software flaw that is already being exploited before the vendor knows about it or has a fix available, giving developers zero days to fix it.