
Cisco IOS XR Software CLI Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.

This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF

This advisory is part of the March 2025 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2025 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2025-20138
http://news.poseidon-us.com/TJTjcv

Cisco IOS XR Software Border Gateway Protocol Confederation Denial of Service Vulnerability

A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition.

To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.

Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX

This advisory is part of the March 2025 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2025 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.

Security Impact Rating: Medium
CVE: CVE-2025-20115
http://news.poseidon-us.com/TJTjb7

Scans for VMWare Hybrid Cloud Extension (HCX) API (Bruteforcing Credentials?), (Wed, Mar 12th)

Today, I noticed increased scans for the VMWare Hybrid Cloud Extension (HCX) “sessions” endpoint. These endpoints are sometimes associated with exploit attempts for various VMWare vulnerabilities to determine if the system is running the extensions or to gather additional information to aid exploitation.
http://news.poseidon-us.com/TJTcCK

ServiceNow releases no-code, low-code AI agent builder

The ServiceNow Studio aims to simplify enterprise automation, giving developers a centralized spot to manage and work on projects, the vendor said Wednesday.
http://news.poseidon-us.com/TJTZTx

NIST selects HQC as backup algorithm for post-quantum encryption

Last year, NIST standardized a set of encryption algorithms that can keep data secure from a cyberattack by a future quantum computer. Now, NIST has selected a backup algorithm that can provide a second line of defense for the task of general encryption, which safeguards internet traffic and stored data alike. Encryption protects sensitive electronic information, including internet traffic and medical and financial records, as well as corporate and national security secrets. But a sufficiently … The post NIST selects HQC as backup algorithm for post-quantum encryption appeared first on Help Net Security.
http://news.poseidon-us.com/TJTRgZ

CTL Staff Advance O-RAN Standards

CTL staff made several technical contributions to the O-RAN Alliance face-to-face meeting on March February 24-28 in the areas of security, testing and RAN intelligent control. NIST contributions on security focused on zero trust architecture
http://news.poseidon-us.com/TJTN9t

NetBird: Open-source network security

NetBird is an open-source solution that integrates a configuration-free peer-to-peer private network with centralized access control, providing a single platform to build secure private networks for your organization or home.

NetBird features: NetBird creates a WireGuard-based overlay network that automatically connects your machines over an encrypted tunnel. This eliminates the hassle of opening ports, complex firewall rules, VPN gateways, etc. Users gain secure remote access with granular, easily managed access policies, all from a unified … The post NetBird: Open-source network security appeared first on Help Net Security.
http://news.poseidon-us.com/TJTBS6

Burnout in cybersecurity: How CISOs can protect their teams (and themselves)

Cybersecurity is a high-stakes, high-pressure field in which CISOs and their teams constantly battle threats, compliance requirements, and business expectations. The demand for 24/7 vigilance, sophisticated attacks, and a shortage of skilled professionals have led to a burnout epidemic in the industry. For CISOs, this isn’t just a personal issue, it’s a business risk. A burned-out team is less effective, more prone to errors, and more likely to leave, creating knowledge gaps that further strain … The post Burnout in cybersecurity: How CISOs can protect their teams (and themselves) appeared first on Help Net Security.
http://news.poseidon-us.com/TJT5d2

Defending against EDR bypass attacks

EDR bypass and killer attacks are surging, yet many organizations continue to overlook this threat while they have become over-reliant on this security tool – particularly when preventing ransomware. In this Help Net Security video, John Dwyer, Director of Security Research at Binary Defense, discusses how over-reliance on EDR and lack of monitoring EDR telemetry health has become a risk in corporate security, the evolving tools and techniques attackers are using, and key mistakes companies … The post Defending against EDR bypass attacks appeared first on Help Net Security.
http://news.poseidon-us.com/TJT5cR