psirt
Do You Know Where Your Network is Vulnerable?
Security is central to an effective network. It is as critical as performance when it comes to instilling confidence in customers, employees, partners and administrators. Before they’ll use the network, they want to really trust the network. Trust is earned from a rock-solid and secure netw…
Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
On August 28th, 2019, Cisco published a Security Advisory titled “Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Vulnerability”, disclosing an internally found vulnerability which affects the Cisco REST API container for Cisco IOS XE. An exploit could be used to bypass auth…
The PSIRT Services Framework: Helping the Industry Protect the Ecosystem
At Cisco, our leadership made the decision over twenty-four years ago that we would clearly and publicly communicate security vulnerabilities or other issues that could potentially expose customers to risk. This is when the Cisco Product Security Incident Response Team (PSIRT) was born. Our team and the…
Trust is Not a Light Switch
We frequently get asked about our competitors and, more specifically, about the security implications of those competitors. Our response always consists of two facts. First, you don’t decide overnight to be trustworthy, transparent and accountable. Second, security, trust, data protection and privac…
Insights About the Global Internet Routing Table Reaching the 768k Milestone
Back in 2014, I wrote an article that highlighted that the global Internet routing table passed the 512,000 or 512k route mark. Today we know that another significant milestone has been reached, as we passed the 768k route mark! Many have predicted Internet outages may be expected. In short, the “sky i…
Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerabilit …
Cisco is committed to responsible coordinated disclosure about vulnerabilities, and maintains a very open relationship with the security research community. On January 29, 2018, the Cisco PSIRT learned about public knowledge of a remote code execution and denial of service vulnerability affecting th…
Perspective About the Recent WPA Vulnerabilities (KRACK Attacks)
On October 16th, Mathy Vanhoef and Frank Piessens, from the University of Leuven, published a paper disclosing a series of vulnerabilities that affect the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These are protocol-level vulnerabilities that affect wireless ven…
September 2017 Cisco IOS & IOS XE Software Bundled Publication
Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year). Today’s edition o…
CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 is Now Available
I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the…