Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-20752PUBLISHED: 2022-07-06
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient pro...
CVE-2022-20768PUBLISHED: 2022-07-06
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials....
CVE-2022-20791PUBLISHED: 2022-07-06
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an auth...
CVE-2022-20800PUBLISHED: 2022-07-06
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity ...
CVE-2022-20808PUBLISHED: 2022-07-06
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. ...
User Rank: Ninja
12/8/2014 | 11:40:03 AM
DDoS attacks and overt port scanning are still tools used by malicious actors today. This stuff isn't gone folks... it just doesn't catch the headlines that it used to. Heck, these activites happen so often that such events have become analogous to people who exceed the speed limit when driving.
Newer methods like MITM and watering hole attacks are making boundary defenses seem out of date, but these are methods are just different in nature and do not preclude the need for boundary defenses. In some situations, boundary defenses can still assist in mitigation of newer external risks.
What has changed is the defense-in-depth mindset that the industry is beginning to embrace. Back in the day, internal (within the boundaries defenses) protections were usually relegated to AV and Spam protection mechanisms.
Current security programs will have DLP strategies, DAR protections, whitelisting practices, and SIEM implementations. New "nex-gen" malicious activity solutions are also coming to the fore as security product vendors find new ways to monitor the secure operations of "all the things".
The idea that a "fence around the things" is not dead, it is just part of a much deeper and more complex security puzzle that will (hopefully) make malicious actors work harder for more limited success.
Of course, the greatest weakness of any security program is people.
How people use systems and data will likely be the endless frontier of risk management.