cisco

High Severity Cisco Flaw In IOS XE Enables Device Takeover





Cisco Warns Of Critical Flaws In Data Center Network Manager









Cisco Data Center Network Manager Unauthenticated Remote Code Execution

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).





Hacker War Drives San Francisco Cloning RFID Passports






Cisco Security Advisory 20130206-ata187

Cisco Security Advisory - Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has available free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.





Cisco UCS Director Unauthenticated Remote Code Execution

The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass that allows the attacker to authenticate as an administrator. The second one, CVE-2019-1936, is a command injection in a password change form that allows the attacker to inject commands that will execute as root. This module combines both vulnerabilities to achieve unauthenticated command injection as root. It has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.





Cisco M1070 Content Security Management Appliance IronPort Header Injection

Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.





Cisco C170 Email Security Appliance 10.0.3-003 IronPort Header Injection

Cisco C170 Email Security Appliance version 10.0.3-003 IronPort remote host header injection exploit.





Cisco Email Security Virtual Appliance C100V IronPort Header Injection

Cisco Email Security Virtual Appliance C100V IronPort remote host header injection exploit.





Cisco C690 Email Security Appliance 11.0.2-044 IronPort Header Injection

Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.





Cisco Email Security Virtual Appliance C600V IronPort Header Injection

Cisco Email Security Virtual Appliance C600V IronPort remote host header injection exploit.





Cisco Email Security Virtual Appliance C370 IronPort Header Injection

Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.





Cisco IronPort C350 Header Injection

Cisco IronPort C350 remote host header injection exploit.





Cisco Content Security Management Virtual Appliance M600V IronPort Header Injection

Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.





Cisco Email Security Virtual Appliance C300V IronPort Header Injection

Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.





Cisco Email Security Virtual Appliance C380 IronPort Header Injection

Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.





Cisco Device Hardcoded Credentials / GNU glibc / BusyBox

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.





Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification

Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.





Cisco WLC 2504 8.9 Denial Of Service

Cisco WLC 2504 version 8.9 suffers from a denial of service vulnerability.





Cisco DCNM JBoss 10.4 Credential Leakage

Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.





Cisco Discovery Protocol (CDP) Remote Device Takeover

Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.





Cisco Data Center Network Manager 11.2 Remote Code Execution

Cisco Data Center Network Manager version 11.2 remote code execution exploit.





Cisco Data Center Network Manager 11.2.1 SQL Injection

Cisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.





Cisco Data Center Network Manager 11.2.1 Command Injection

Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.





Cisco Unified Contact Center Express Privilege Escalation

Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.





Cisco IP Phone 11.7 Denial Of Service

Cisco IP Phone version 11.7 denial of service proof of concept exploit.





Cisco AnyConnect Secure Mobility Client 4.8.01090 Privilege Escalation

Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffers from a privilege escalation vulnerability due to insecure handling of path names.







San Francisco mulls creating its own 100 percent renewables-focused utility from PG&E wreckage

What happens when a famously left-leaning city dives into the buttoned-down business of electric utilities? San Francisco may soon find out.





Mayor: PG&E assets are ‘great’ opportunity to bring clean energy to San Francisco

San Francisco Mayor London Breed wants to use PG&E Corp.’s bankruptcy to take over some of the company’s assets for the city’s power needs, a move that would shake up California’s largest utility and remake the state’s energy landscape.









San Francisco Landing Pad

The Australian Landing Pad in San Francisco is located at WeWork, in the geographical and cultural heart of the new technology boom.





San Francisco COVID-19 testing reveals stark burden on the poor and marginalized

A COVID-19 mass testing effort within San Francisco's Mission District — which aimed to broadly test individuals regardless of symptoms — found stark inequalities in how the virus is affecting different groups. About 95% of the people who tested positive were Latino, and the vast majority could not work from home. Not a single white person tested positive, despite making up about a third of the people who were tested.





Barcelona signing Francisco Trincao: Lionel Messi and Cristiano Ronaldo are my idols

Barcelona's January signing Francisco Trincao says Lionel Messi and Cristiano Ronaldo are his idols – and revealed his excitement about linking up with the Argentine at Camp Nou.





Bruno Fernandes names Francisco Ramos as the player he would most like to join him at Manchester United

Manchester United star Bruno Fernandes has named old friend Francisco Ramos as the player he would most like to join him at Old Trafford.





Transfer news LIVE: Sancho agrees Man Utd terms, Francisco Ramos latest, Chilwell to Chelsea, Dembele to Arsenal

Welcome to the Evening Standard's live blog covering the latest transfer news and rumours from the Premier League and beyond.





Francisco Ramos responds to Bruno Fernandes comments over joining him at Manchester United

Francisco Ramos has thanked his friend Bruno Fernandes for saying he wants him to join Manchester United - but suggests a move is very unlikely.