

NB545: CISA Orders Immediate Patch of Cisco Vulnerabilities; Firewall Upgrade Blocks Emergency Calls
Sep 29, 2025
The discussion highlights urgent vulnerabilities in Cisco's firewall products, which prompted an emergency directive from CISA requiring federal agencies to patch flaws that are being actively exploited. A troubling incident in Australia reveals how a firewall upgrade led to blocked emergency calls, resulting in tragic fatalities. Additionally, there's a focus on a Supermicro firmware risk, the appeal ruling on the AT&T and Nokia patent verdict, and Upscale AI's ambitious plans to disrupt the AI landscape with open standards.
AI Snips
Widespread Cisco HTTP Input Flaw
- CVE-2025-20363 affects multiple Cisco products via improper HTTP input validation enabling remote code execution and privilege escalation.
- Cisco released patches and strongly recommends upgrading because no workarounds exist.
Follow CISA's Emergency Patching Order
- CISA issued an emergency directive requiring federal agencies to patch two actively exploited Cisco ASA vulnerabilities immediately.
- Do prioritize patching CVE-2025-20333 and CVE-2025-20362 to prevent unauthenticated RCE and persistent ROM manipulation.
Firewall Upgrade Disabled Emergency Calls
- Optus deployed a firewall upgrade that unintentionally blocked emergency calls for 14 hours, and three customers died during that outage.
- The CEO admitted the change bypassed standard procedures and the carrier is investigating why safeguards failed.