16 new Cisco advisories

icecream-guy · June 22, 2017, 06:23:42 AM

My apologies if you run Prime, WaaS, or ISE!

23 new vulnerabilities announced yesterday.

deanwebb · June 22, 2017, 10:15:49 AM

Are these all the same vulnerability on each platform, or are we dealing with more diversity in how things go boom on Cisco this week?

icecream-guy · June 22, 2017, 11:02:31 AM

Quote from: deanwebb on June 22, 2017, 10:15:49 AM
Are these all the same vulnerability on each platform, or are we dealing with more diversity in how things go boom on Cisco this week?

based on CVE's different platforms covered under each advisory.

deanwebb · June 22, 2017, 11:45:43 AM

Reading the list, looks like a bunch of XSS vulnerabilities.

AGAIN.

icecream-guy · July 06, 2017, 06:36:13 AM

'nother big announcement yesterday 3 crit, 4 high, rest medium
yer kinda screwed if you are running Cisco Ultra Services Framework (for mobile network operators)

deanwebb · July 06, 2017, 10:56:01 AM

What gets me about Cisco is that so very many of their vulnerabilities are from a lack of code hardening on features that they don't use anyway or that have been known issues for ages (like XSS) and they simply didn't bother until recently to patch this thing or that.

icecream-guy · July 06, 2017, 11:09:49 AM

Quote from: deanwebb on July 06, 2017, 10:56:01 AM
What gets me about Cisco is that so very many of their vulnerabilities are from a lack of code hardening on features that they don't use anyway or that have been known issues for ages (like XSS) and they simply didn't bother until recently to patch this thing or that.

back in the old days, it wasn't a vulnerability if no one knew about it. keep it on the hush hush and you are free and clear. These days with so many researchers, companies disclosing vulnerabilities, and rewarding people who do find them, companies are walking a thin line, especially public ones that have to answer to stock holders.

LynK · July 10, 2017, 01:57:24 PM

where you guys get these advisories?

deanwebb · July 10, 2017, 02:33:52 PM

Quote from: LynK on July 10, 2017, 01:57:24 PM
where you guys get these advisories?

https://tools.cisco.com/security/center/publicationListing.x is a good place to start. It's nice and filterable, in a Cisco-y kind of way.

icecream-guy · July 11, 2017, 07:39:21 AM

Quote from: deanwebb on July 10, 2017, 02:33:52 PM
Quote from: LynK on July 10, 2017, 01:57:24 PM
where you guys get these advisories?

https://tools.cisco.com/security/center/publicationListing.x is a good place to start. It's nice and filterable, in a Cisco-y kind of way.

There is also an RSS feed here, if you are to lazy to click on a bookmark.

https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml

Otanx · July 11, 2017, 08:41:49 AM

or get them as an email

http://www.cisco.com/cisco/support/notifications.html

-Otanx

deanwebb · July 11, 2017, 08:42:44 AM

Gives me an idea... I can add vendor feeds to the forums here...

Sound like a good idea?

icecream-guy · July 11, 2017, 10:43:40 AM

Quote from: deanwebb on July 11, 2017, 08:42:44 AM
Gives me an idea... I can add vendor feeds to the forums here...

Sound like a good idea?

only if they pay

icecream-guy · August 03, 2017, 06:58:20 AM

15 more announced yesterday, nothing critical.

Dieselboy · August 03, 2017, 07:37:22 AM

So that means they've found them all now right?

Software deployment strategy: get it out to market as fast as you can. QA it later.

If you guys have Cisco spark, I can configure an RSS feed to post updates to a space and we all get it. Emails are so last year