Merry Christmas from the goat: Vendor Verbiage is a list of common example messages used by software vendors to note that a vulnerability is publicly disclosed or exploited in the wild. This should come in handy when quickly scanning through security advisories on Patch Tuesday. Enjoy!
Prepare your NX-OS and bite the pillow because Cisco has some zero-days!
- EXPLOITED ZERO-DAY: Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Brute Force Denial of Service Vulnerability CVE-2024-20481 (5.8 medium)
  - The Cisco Product Security Incident Response Team (PSIRT) is aware of malicious use of the vulnerability that is described in this advisory.
- PROOF OF CONCEPT ZERO-DAYS: Cisco Secure Firewall Management Center Software Cross-Site Scripting and Information Disclosure Vulnerabilities
  - The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory:
    - CVE-2024-20377 (5.4 medium) Cisco FMC Software Stored XSS Vulnerability
    - CVE-2024-20387 (5.4 medium) Cisco FMC Software Web-Based Management Interface Stored XSS Vulnerability
    - CVE-2024-20388 (5.3 medium) Cisco FMC Software API Response Information Disclosure Vulnerability
In case you wanted even more Cisco, they dropped a total of 36 security advisories today, 23 October 2024.
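
An added example (not from the original post or from Cisco): a small triage script that matches the two PSIRT statements quoted above as full phrases, so that negated wording does not flag an advisory as exploited the way a bare keyword search would. The sample advisory texts, the negated sentence and the placeholder CVE ID are constructed for illustration.

```python
import re

# The two Cisco PSIRT statements quoted on this page, matched as whole phrases.
STATUS_PATTERNS = [
    ("EXPLOITED", re.compile(
        r"\bis aware of malicious use of the vulnerabilit(?:y|ies)\b", re.I)),
    ("POC", re.compile(
        r"\bis aware that proof-of-concept exploit code is available\b", re.I)),
]
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
PRIORITY = {"EXPLOITED": 0, "POC": 1, "NONE": 2}

def classify(text):
    """Return EXPLOITED, POC or NONE; EXPLOITED wins if both statements appear."""
    flat = " ".join(text.split())  # collapse line wraps before matching
    for status, pattern in STATUS_PATTERNS:
        if pattern.search(flat):
            return status
    return "NONE"

def naive_classify(text):
    """Keyword-only check, for comparison: also fires on negated statements."""
    return "EXPLOITED" if "malicious use" in " ".join(text.split()).lower() else "NONE"

def triage(advisories):
    """Return (status, [CVE IDs]) per advisory, most urgent first."""
    rows = [(classify(t), sorted(set(CVE_RE.findall(t)))) for t in advisories]
    return sorted(rows, key=lambda row: PRIORITY[row[0]])

# Constructed sample input. The first entry uses a placeholder CVE ID and
# negated wording (an assumption about how "nothing known" might be phrased).
SAMPLE_ADVISORIES = [
    "CVE-0000-00001\nThe Cisco PSIRT is not aware of any public announcements or "
    "malicious\nuse of the vulnerability that is described in this advisory.",
    "CVE-2024-20377 CVE-2024-20387 CVE-2024-20388\nThe Cisco PSIRT is aware that "
    "proof-of-concept exploit code is\navailable for the vulnerabilities that are "
    "described in this advisory.",
    "CVE-2024-20481\nThe Cisco Product Security Incident Response Team (PSIRT) is "
    "aware of\nmalicious use of the vulnerability that is described in this advisory.",
]

if __name__ == "__main__":
    for status, cves in triage(SAMPLE_ADVISORIES):
        print(f"{status:9} {', '.join(cves)}")
```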