CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

06/22/2022 10:00 AM EDT

Original release date: June 22, 2022

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.

CISA has released five corresponding Industrial Controls Systems Advisories (ICSAs) currently to provide notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.  

CISA encourages users and administrators to review the OT:ICEFALL report as well as the following ICSAs for technical details and mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates for Multiple Products

01/13/2022 11:13 AM EST

Original release date: January 13, 2022

Cisco has released security updates to address a vulnerability affecting Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM). A remote attacker could exploit this vulnerability to take control of an affected system. 

CISCA encourages users and administrators to review Cisco Security Advisory cisco-sa-ccmp-priv-esc-JzhTFLm4 and apply the necessary updates.
 

This product is provided subject to this Notification and this Privacy & Use policy.