Cisco PSIRT
Customers Deserve Transparency to Manage Risk
Our commitment to customers is to be open and transparent, especially as it relates to issues that could negatively impact their business. At Cisco, our leadership made the decision over twenty years ago that we would clearly communicate with customers about technical or other issues that could pote…
The PSIRT Services Framework: Helping the Industry Protect the Ecosystem
At Cisco, our leadership made the decision over twenty four years ago that we would clearly publicly communicate security vulnerabilities or other issues that could potentially expose customers to risk. This is when the Cisco Product Security Incident Response Team (PSIRT) was born. Our team and the…
September 2018 Cisco IOS and IOS XE Software Bundled Publication
Today, September 26, 2018, we released the second and final Cisco IOS and IOS XE Software Security Advisory Bundled Publication of 2018. As a reminder, Cisco discloses vulnerabilities in Cisco IOS Software and Cisco IOS XE Software on a predictable schedule—the fourth Wednesday of March and Septembe…
Shining a Light on a New Way to Attack WPA2 Weaknesses
New Technique for a Known Attack Vector On August 4, 2018, Jens “Atom” Steube, the lead developer of Hashcat, released a forum post disclosing a new technique that attempts to obtain and crack Wi-Fi Protected Access 2 (WPA2) passwords. This is a protocol-level technique carried out on the RSN IE of…
Cisco PSIRT Notice About Public Exploitation of the Cisco ASA Web Services Denial of Service Vulnerability
PSIRT has recently become aware of public exploitation of the Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability identified by Cisco bug ID CSCvi16029 and CVE ID CVE-2018-0296. With the security of our customers’ networks being a top priority, we’re taking act…
March 2018 Cisco IOS and IOS XE Software Bundled Publication
Today, we released the first Cisco IOS and IOS XE Software Security Advisory Bundled Publication of 2018. As a reminder, Cisco discloses vulnerabilities in Cisco IOS Software and Cisco IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year. Today’…
Introducing a New Addition to Cisco’s Security Impact Rating
The Cisco Product Security Incident Response Team (PSIRT) is committed to protecting customers by sharing security-related information in a timely manner and in different formats. Although some of the information that we receive may not relate to a specific vulnerability or issue in a Cisco product,…
Cisco PSIRT – Mitigating and Detecting Potential Abuse of Cisco Smart Install Feature
Cisco PSIRT has become aware of attackers potentially abusing the Smart Install (SMI) feature in Cisco IOS and IOS XE Software. While this is not considered a vulnerability, PSIRT published a Cisco Security Response on February 14, 2017 to inform customers about possible abuse of the Smart Install f…
Update for Customers
Following a recent Juniper security bulletin discussing unauthorized code, we have fielded a number of related questions from our customers. Being trustworthy, transparent, and accountable is core to our team, so we are responding to these questions publicly. First, we have a “no backdoor” policy an…
1