Cisco Investigates Potential Data Exposure, Confirms No Breach of Internal Systems

CVE-2024-20404 and CVE-2024-20405

Cisco Systems is currently investigating an alleged unauthorized access to data housed on a public-facing DevHub environment. While initial reports suggested a potential breach of Cisco’s internal systems, the company has confirmed this is not the case.

In a security incident report updated on October 18th, Cisco stated:

Based on our investigations, we are confident that there has been no breach of our systems. We have determined that the data in question is on a public-facing DevHub environment—a Cisco resource center that enables us to support our community by making available software code, scripts, etc. for customers to use as needed.”

The DevHub, designed to provide resources for the Cisco community, may have inadvertently exposed a limited number of files not intended for public consumption. Cisco assures that, “At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published.”

The company is diligently working to identify the nature of the potentially exposed files. While no sensitive personally identifiable information (PII) or financial data has been found among them, the investigation remains ongoing.

As a precautionary measure, Cisco has temporarily disabled public access to the DevHub.

Out of an abundance of caution, we have disabled public access to the site while we continue the investigation. Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event.”

Related Posts: