Cisco recently released a patch for a new generation of exploits that target some of its recently shipped products (Expressway Series and Cisco TelePresence Video Communication Server (VCS)).
This security flaw leaves these devices susceptible to attacks, leaving them open to widespread vulnerabilities that Cisco promptly addressed by releasing the patch. On successful exploitation of these vulnerabilities, a threat actor can execute arbitrary code.
In total, there are five vulnerabilities, but, among the five, two are critical, and they tracked as:-
These two severe security flaws are related to an arbitrary file write and a command injection flaw in the API and web interfaces of the two that could have serious impacts on affected systems.
While these two critical security bugs were identified by Jason Crowder of the Cisco ASIG (Advanced Security Initiatives Group) during the routine internal security testing.
While other three vulnerabilities are identified in the following products of Cisco:-
Below we have mentioned all the five vulnerabilities that are detected:-
However, Cisco has claimed that they didn’t see any evidence of exploitation of these security flaws. Cisco uncovered these bugs while carrying out their own internal security testing or while fixing the bugs reported by the Technical Assistance Center (TAC).
They played around with the idea that you couldn’t massively hack into devices if the misconfigurations were identified, cleared up, and fixed straight away.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems across…
Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21 popular…
The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its focus…
The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu, has…
The Seqrite Labs APT team has uncovered a sophisticated cyber campaign by the Pakistan-linked Transparent…
The LUMMAC.V2 infostealer malware, also known as Lumma or Lummastealer, has emerged as a significant…