Cloud optimization, cybersecurity and mission readiness in action at CISA, Coast Guard and ICE

Federal agencies are past the early cloud adoption stage by this point. Their focus has shifted heavily to optimization, integration and mission alignment. The post Cloud optimization, cybersecurity and mission readiness in action at CISA, Coast Guard and ICE first appeared on Federal News Network.
http://news.poseidon-us.com/TMs7Mv

Why cyber risks lurk in legacy technology

No matter why older IT systems are still around, companies need to protect stacks and devices before they become a vector for attacks.
http://news.poseidon-us.com/TMs6DZ

Production Monitoring: Production Monitoring Systems Explained

Manufacturers compete on speed, quality and reliability, which makes production monitoring a core discipline for keeping lines moving and customers happy. With the right practices, teams get instant visibility into throughput, downtime, scrap and labor so they can correct issues… The post Production Monitoring: Production Monitoring Systems Explained appeared first on ProjectManager.
http://news.poseidon-us.com/TMs0jF

Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-csrf-w762pRYd
Security Impact Rating: Medium
CVE: CVE-2025-20326
http://news.poseidon-us.com/TMryBp

Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user-supplied input to the user profile component of Cisco Webex Meetings. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user. As mentioned, Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-55bv8hhm
Security Impact Rating: Medium
CVE: CVE-2025-20328
http://news.poseidon-us.com/TMryBn

Cisco Webex Meetings URL Redirection Vulnerability

A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of URLs that were included in a meeting-join URL. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by including a URL to a website of their choosing in a specific value of a Cisco Webex Meetings join URL. A successful exploit could have allowed the attacker to redirect a targeted user to a website that was controlled by the attacker, possibly making the user more likely to believe the website was trusted by Webex and perform additional actions as part of phishing attacks. As mentioned, Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-urlredirect-uK8dDJSZ
Security Impact Rating: Medium
CVE: CVE-2025-20291
http://news.poseidon-us.com/TMryBl

Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities

Multiple vulnerabilities in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 with Cisco Session Initiation Protocol (SIP) Software could allow an unauthenticated, remote attacker to conduct arbitrary file write and information disclosure attacks on an affected device. Note: To exploit these vulnerabilities, Web Access must be enabled on the phone. Web Access is disabled by default. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df
Security Impact Rating: Medium
CVE: CVE-2025-20335, CVE-2025-20336
http://news.poseidon-us.com/TMryBh

Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-xss-XQgu4HSG
Security Impact Rating: Medium
CVE: CVE-2025-20330
http://news.poseidon-us.com/TMryBY

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-XjQZsyCP
Security Impact Rating: Medium
CVE: CVE-2025-20280
http://news.poseidon-us.com/TMryBM

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive configuration information on the affected system that should be restricted. To exploit this vulnerability, an attacker must have access as a low-privileged user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-dis-zhPPMfgz
Security Impact Rating: Medium
CVE: CVE-2025-20270
http://news.poseidon-us.com/TMryB6