433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service Vulnerability

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device. This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb Security Impact Rating: High CVE: CVE-2025-20212
http://news.poseidon-us.com/TJvtGh

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4 Security Impact Rating: Medium CVE: CVE-2025-20120,CVE-2025-20203
http://news.poseidon-us.com/TJvtF2

DoD’s deferred resignation program available to civilians April 7–14

Exemptions to DRP should be rare, but DoD component heads can exempt mission critical positions prior to offering the DRP and VERA.  The post DoD’s deferred resignation program available to civilians April 7–14 first appeared on Federal News Network.
http://news.poseidon-us.com/TJvszk

DoD’s deferred resignation program available to civilians April 7–14

Exemptions to DRP should be rare, but DoD component heads can exempt mission critical positions prior to offering the DRP and VERA.  The post DoD’s deferred resignation program available to civilians April 7–14 first appeared on Federal News Network.
http://news.poseidon-us.com/TJvsfv

How to meet the government’s tech skills need

Upskilling to keep pace with government technology demands The post How to meet the government’s tech skills need first appeared on Federal News Network.
http://news.poseidon-us.com/TJvsWy

How to meet the government’s tech skills need

Upskilling to keep pace with government technology demands The post How to meet the government’s tech skills need first appeared on Federal News Network.
http://news.poseidon-us.com/TJvsDd

The government confirms its rights to certain contractor intellectual property

A recent dispute between the Air Force and a simulation software subcontractor proved that the government has rights to certain intellectual property. The post The government confirms its rights to certain contractor intellectual property first appeared on Federal News Network.
http://news.poseidon-us.com/TJvs1q

The government confirms its rights to certain contractor intellectual property

A recent dispute between the Air Force and a simulation software subcontractor proved that the government has rights to certain intellectual property. The post The government confirms its rights to certain contractor intellectual property first appeared on Federal News Network.
http://news.poseidon-us.com/TJvrmp

The government confirms its rights to certain contractor intellectual property

A recent dispute between the Air Force and a simulation software subcontractor proved that the government has rights to certain intellectual property. The post The government confirms its rights to certain contractor intellectual property first appeared on Federal News Network.
http://news.poseidon-us.com/TJvrm9

Surge in Scans for Juniper “t128” Default User, (Wed, Apr 2nd)

Last week, I noticed a surge in scans for the username “t128”. This username, accompanied by the password “128tRoutes,” is a well-known default account for Juniper's Session Smart Networking Platform (or “SSR” for “Session Smart Routing”). The username and password are a bit “odd”. Juniper acquired a company called “128 Technologies” a few years ago, and with this acquisition, integrated SSR into its product portfolio. But much of the product, including default usernames and passwords, remained unchanged. The documentation, including the default username and passwords, is still at 128technology.com [1].
http://news.poseidon-us.com/TJvrfd