Wednesday, April 14, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Cisco critical bugs: Nexus data center switch software needs patching now

January 4, 2020
in Internet Security
Cisco critical bugs: Nexus data center switch software needs patching now
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Cisco: DNS attacks will undermine trust in the internet
Sophisticated hacking group taps wide set of vulnerabilities as part of their global hacking spree.

Cisco has disclosed a dozen bugs affecting its Data Center Network Manager (DCNM) software, including three critical authentication-bypass bugs that expose enterprise customers to remote attacks.

You might also like

Brave browser disables Google’s FLoC tracking system

These new vulnerabilities put millions of IoT devices at risk, so patch now

Who do I pay to get the ‘phone’ removed from my iPhone?

Cisco warns that a remote attacker can bypass DCNM’s authentication and carry out tasks with administrative privileges on an affected device. 

The available updates are highly important for enterprise data centers built with its Nexus NX-OS-based switches. DCNM is a key component for automating NX-OS-based network infrastructure deployments. 

Cisco points to three separate authentication bypass vulnerabilities in a single advisory. They’re tagged as CVE-2019-15975, CVE-2019-15975, and CVE-2019-15977 and the trio have a severity rating of 9.8 out of a possible 10, meaning they are firmly critical security issues.  

The bugs “could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device”, Cisco said.

Despite the common advisory, Cisco explains the vulnerabilities are independent of each other and that exploitation of one isn’t required to exploit another. 

The first bug is due to a static encryption key that’s shared between installations. The issue resides in the REST API endpoint of DCNM. It allows an attacker to use the static key to generate a valid session token and potentially carry out actions at will through the REST API with administrative privileges. 

The second bug stems from the same problem. However, it lies in the SOAP API endpoint of DCNM. “A successful exploit could allow the attacker to perform arbitrary actions through the SOAP API with administrative privileges,” Cisco warned. 

The third bug is because Cisco added hard-coded credentials for the web-based user interface, which could allow an attacker to access a section of the web interface and obtain confidential information from an affected device. 

Cisco says it fixed these vulnerabilities in Cisco DCNM Software releases 11.3(1) and later on Windows, Linux, and virtual appliance platforms. 

The bugs were reported by Steven Seeley via Trend Micro’s Zero Day Initiative and iDefense, Accenture.

Seeley’s advice to customers is to patch DCNM now and if that’s not possible, uninstall the software. 

Seeley also found three high-severity bugs in the REST and SOAP API endpoints and the Application Framework feature of DCNM. The bugs could allow an authenticated remote attacker to conduct directory traversal attacks on an affected device,.   

The bugs affect Cisco DCNM prior to Release 11.3(1) for Windows, Linux, and virtual appliance platforms. All three bugs were due to insufficient validation of user-supplied input to the respective interfaces. 

Two extra bugs he found in DCNM included a high-severity command-injection flaw in DCNM REST and SOAP API endpoints and a medium-severity issue in DCNM. 

More on Cisco and network security

  • Cisco: All these routers have the same embedded crypto keys, so update firmware  
  • Cisco: These Wi-Fi access points are easily owned by remote hackers, so patch now  
  • Cisco warning: These routers running IOS have 9.9/10-severity security flaw
  • Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw  
  • Seriously? Cisco put Huawei X.509 certificates and keys into its own switches
  • New Cisco critical bugs: 9.8/10-severity Nexus security flaws need urgent update
  • Cisco critical-flaw warning: These two bugs in our data-center gear need patching now
  • Cisco alert: Patch this dangerous bug open to remote attacks via malicious ads
  • Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear
  • Cisco’s warning: Patch now, critical SSH flaw affects Nexus 9000 fabric switches
  • Cisco warns over critical router flaw
  • Cisco: These are the flaws DNS hijackers are using in their attacks
  • Cisco bungled RV320/RV325 patches, routers still exposed to hacks
  • Cisco tells Nexus switch owners to disable POAP feature for security reasons
  • Cisco: Patch routers now against massive 9.8/10-severity security hole
  • How to improve cybersecurity for your business: 6 tips TechRepublic
  • New cybersecurity tool lets companies Google their systems for hackers CNET

  • Credit: Zdnet

    Previous Post

    Data 2020 Outlook Part II: Explainable AI and Multi-model Databases

    Next Post

    What is the Python Programming and the content of Python Certification?

    Related Posts

    Brave browser disables Google’s FLoC tracking system
    Internet Security

    Brave browser disables Google’s FLoC tracking system

    April 13, 2021
    These new vulnerabilities put millions of IoT devices at risk, so patch now
    Internet Security

    These new vulnerabilities put millions of IoT devices at risk, so patch now

    April 13, 2021
    Apple looking to close the gap between web and app privacy
    Internet Security

    Who do I pay to get the ‘phone’ removed from my iPhone?

    April 13, 2021
    Criminals spread malware using website contact forms with Google URLs
    Internet Security

    Criminals spread malware using website contact forms with Google URLs

    April 13, 2021
    Bug bounties: More hackers are spotting vulnerabilities across web, mobile and IoT
    Internet Security

    Critical security alert: If you haven’t patched this old VPN vulnerability, assume your network is compromised

    April 13, 2021
    Next Post
    What is the Python Programming and the content of Python Certification?

    What is the Python Programming and the content of Python Certification?

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    Recommended

    Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

    Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

    January 6, 2019
    Microsoft, Google Use Artificial Intelligence to Fight Hackers

    Microsoft, Google Use Artificial Intelligence to Fight Hackers

    January 6, 2019

    Categories

    • Artificial Intelligence
    • Big Data
    • Blockchain
    • Crypto News
    • Data Science
    • Digital Marketing
    • Internet Privacy
    • Internet Security
    • Learn to Code
    • Machine Learning
    • Marketing Technology
    • Neural Networks
    • Technology Companies

    Don't miss it

    Coinbase IPO marks historic first crypto company to enter US stock exchange as Bitcoin rockets
    Blockchain

    Coinbase IPO marks historic first crypto company to enter US stock exchange as Bitcoin rockets

    April 13, 2021
    AI.Reverie Appoints Former NVIDIA Deep Learning Guru Aayush Prakash as Head of Machine Learning
    Machine Learning

    AI.Reverie Appoints Former NVIDIA Deep Learning Guru Aayush Prakash as Head of Machine Learning

    April 13, 2021
    Music and Artificial Intelligence | by Ryan M. Raiker, MBA | Apr, 2021
    Neural Networks

    Music and Artificial Intelligence | by Ryan M. Raiker, MBA | Apr, 2021

    April 13, 2021
    The rise of headless and hybrid CMS: Tuesday’s daily brief
    Digital Marketing

    The rise of headless and hybrid CMS: Tuesday’s daily brief

    April 13, 2021
    Brave browser disables Google’s FLoC tracking system
    Internet Security

    Brave browser disables Google’s FLoC tracking system

    April 13, 2021
    New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
    Internet Privacy

    New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

    April 13, 2021
    NikolaNews

    NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

    What’s New Here?

    • Coinbase IPO marks historic first crypto company to enter US stock exchange as Bitcoin rockets April 13, 2021
    • AI.Reverie Appoints Former NVIDIA Deep Learning Guru Aayush Prakash as Head of Machine Learning April 13, 2021
    • Music and Artificial Intelligence | by Ryan M. Raiker, MBA | Apr, 2021 April 13, 2021
    • The rise of headless and hybrid CMS: Tuesday’s daily brief April 13, 2021

    Subscribe to get more!

    © 2019 NikolaNews.com - Global Tech Updates

    No Result
    View All Result
    • AI Development
      • Artificial Intelligence
      • Machine Learning
      • Neural Networks
      • Learn to Code
    • Data
      • Blockchain
      • Big Data
      • Data Science
    • IT Security
      • Internet Privacy
      • Internet Security
    • Marketing
      • Digital Marketing
      • Marketing Technology
    • Technology Companies
    • Crypto News

    © 2019 NikolaNews.com - Global Tech Updates