{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Cisco & Atlassian Under Fire: High-Severity Flaws and What’s at Risk","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/e84775c3\"></iframe>","width":"100%","height":180,"duration":3218,"description":"Cisco and Atlassian have both released urgent security advisories in response to newly discovered high-severity vulnerabilities—and the implications are serious.Cisco’s firmware flaws impact Meraki MX and Z Series devices running AnyConnect VPN. A bug in the SSL VPN process allows authenticated attackers to crash the VPN server, causing repeated denial-of-service conditions. Cisco ClamAV also contains heap-based buffer overflow vulnerabilities that could crash antivirus defenses simply by scanning a malicious file. Proof-of-concept exploit code is already circulating—making exploitation only a matter of time.Atlassian isn’t faring much better. Their June 2025 bulletin disclosed 13 high-severity vulnerabilities across Bamboo, Bitbucket, Confluence, Jira, Crowd, and Service Management. Many of these are rooted in third-party dependencies like Netty, Apache Tomcat, and Spring Framework. From improper authorization to remote code execution and denial of service, the risks span multiple vectors.This episode breaks down:🔧 Cisco CVEs (2025-20212, 2025-20271, 2025-20128, 2025-20234) 🛑 How malformed VPN attributes trigger a system crash 🧪 The risk of crashing ClamAV with OLE2 content 📦 Atlassian’s dependency-driven vulnerabilities (CVE-2025-22228, CVE-2024-47561, CVE-2024-39338 and more) 🔁 The challenges of managing firmware updates across Meraki networks 💣 The broader danger of unpatched systems and third-party bloat 📉 Real-world fallout: from Equifax to ProxyShell ☁️ Shared responsibility in cloud environments and how institutions often misinterpret itIf you're running Cisco hardware, using Atlassian platforms, or relying on open-source libraries, this episode shows why you must have a clear patching strategy, strong third-party oversight, and internal security validation—before attackers find the gaps for you.","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}