CISCO warns of Server Name data Exfiltration Vulnerability

No featured articles available

Check back soon for the latest updates and featured content.

CISCO warns of vulnerability in Server Name Identification (SNI) where the unauthenticated attackers could bypass filtering technology and exfiltrate data.

CISCO warns that unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from compromised servers.

CISCO is investigating its product line to determine which products may be affected by this flaw.

CISCO warns of vulnerability in Server Name Identification (SNI) where the unauthenticated attackers could bypass filtering technology and exfiltrate data.

Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customer’s networks.

A vulnerability in Server Name Identification “request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host.” states the advisory published by Cisco.

“This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server.” A successful exploit could permit the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.”

So far, the Cisco Product Security Incident Response Team (PSIRT) is not aware of attackers or malware exploiting this security flaw in the wild.

Cisco is investigating the issue to determine affected products; Cisco states that the following products are under active investigation to decide whether or not they are impacted:

1000 Series Integrated Services Routers (ISRs)

4000 Series ISRs

Catalyst 8000V Edge Software

Catalyst 8200 Series Edge Platforms

Catalyst 8300 Series Edge Platforms

Catalyst 8500L Edge Platforms

Cloud Services Router 1000V Series (CSR 1000V)

Integrated Services Virtual Router (ISRv)

Meraki Security Appliances, all models

Cisco is investigating its product line to specify which products may be affected by this vulnerability.

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

"/><img src="x" onerror=alert(1)>

Successful CISO – Is a Business Enabler the Need of the Hour?

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

CISCO warns of Server Name data Exfiltration Vulnerability

CISCO warns of vulnerability in Server Name Identification (SNI) where the unauthenticated attackers could bypass filtering technology and exfiltrate data.

Share Your Story!

No featured articles available

CISCO warns of vulnerability in Server Name Identification (SNI) where the unauthenticated attackers could bypass filtering technology and exfiltrate data.

Stay Updated with the Latest Cybersecurity News