No more layoffs planned for federal real estate workforce, GSA tells staff ahead of reorganization
http://news.poseidon-us.com/TN0NLQ
http://news.poseidon-us.com/TN0NLQ
http://news.poseidon-us.com/TN0NLQ
Cisco IOS XR Software Management Interface ACL Bypass Vulnerability
A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device. For more information about this vulnerability, see the Details section of this advisory. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-acl-packetio-Swjhhbtz This advisory is part of the September 2025 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2025 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: Medium CVE: CVE-2025-20159http://news.poseidon-us.com/TN0Lc7
Cisco IOS XR Software Image Verification Bypass Vulnerability
A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrsig-UY4zRUCG This advisory is part of the September 2025 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2025 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: High CVE: CVE-2025-20248http://news.poseidon-us.com/TN0Lc0
Cisco IOS XR ARP Broadcast Storm Denial of Service Vulnerability
A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a broadcast storm, leading to a denial of service (DoS) condition on an affected device. This vulnerability is due to how Cisco IOS XR Software processes a high, sustained rate of ARP traffic hitting the management interface. Under certain conditions, an attacker could exploit this vulnerability by sending an excessive amount of traffic to the management interface of an affected device, overwhelming its ARP processing capabilities. A successful exploit could result in degraded device performance, loss of management connectivity, and complete unresponsiveness of the system, leading to a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-arp-storm-EjUU55yM This advisory is part of the September 2025 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2025 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: High CVE: CVE-2025-20340http://news.poseidon-us.com/TN0LZr
BASE64 Over DNS, (Wed, Sep 10th)
http://news.poseidon-us.com/TN0K2X
Coro 3.6 reduces operational burden for resource-constrained SMBs
http://news.poseidon-us.com/TN0GLZ
Space Development Agency set to launch its first operational satellites
http://news.poseidon-us.com/TN03Ql
Space Development Agency set to launch its first operational satellites
http://news.poseidon-us.com/TN03NG
Space Development Agency set to launch its first operational satellites
http://news.poseidon-us.com/TN03LS
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday
http://news.poseidon-us.com/TN02KY