Friday, February 26, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Cisco’s warning: Patch this default Network Assurance Engine password bug

February 13, 2019
in Internet Security
Cisco’s warning: Patch this default Network Assurance Engine password bug
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Cisco is urging customers to install an update that fixes a high-severity issue affecting its Network Assurance Engine (NAE) for managing data-center networks. 

The bug, tracked as CVE-2019-1688, could allow an attacker to use a flaw in the password-management system of NAE to knock out an NAE server and cause a denial of service. 

You might also like

Attorney-General urged to produce facts on US law enforcement access to COVIDSafe

This chart shows the connections between cybercrime groups

Spy agency: Artificial intelligence is already a vital part of our missions

NAE is an important data-center network management tool that helps admins assess the impact of network changes and avoid application outages. 

As Cisco explains, the flaw is due to user passwords changes from the web-management interface failing to propagate to the command-line interface (CLI), leaving the old default password in place in the CLI. The issue only affects NAE version 3.0 (1), so older versions aren’t affected.

A local attacker could exploit the bug by authenticating with the default admin password on the CLI of an affected server. From there, the attacker could view sensitive information and bring down the server. 

The bug is fixed in Cisco NAE Release 3.0(1a) but Cisco notes that to fix the issue properly customers should change the admin password after upgrading to that version. 

Cisco also has a workaround for the bug, which involves changing the default admin password from the CLI. However, Cisco recommends customers contact the Technical Assistance Center to do this, so that the default password can be entered in a secure remote-support session. The password change needs to be carried out for all nodes in the cluster, it notes. 

Fortunately, Cisco’s security team isn’t aware of any live attacks using the flaw, which was found during internal security testing.

Previous and related coverage

Cisco warns: Patch now or risk your security appliance choking on single rogue email

One bad email could crash your Cisco email security appliance and keep it down as it tries to process the same email over and again.

Cisco discloses arbitrary execution in SD-WAN Solution and Webex

Networking giant reveals 23 security issues hitting products including SD-WAN Solution, Webex, and small business routers.

Cisco updates SD-WAN portfolio with new security features

Among the key updates, Cisco said it’s integrating application-aware enterprise firewall, intrusion prevention, and URL filtering into Cisco SD-WAN devices.

Cisco: Linux kernel FragmentSmack bug now affects 88 of our products

Cisco’s list of products with a Linux kernel denial-of-service flaw is growing.

Cisco: We’ve killed another critical hard-coded root password bug, patch urgently

This time a 9.8/10-severity hardcoded password has been found in Cisco’s video surveillance software.

Cisco critical flaw warning: These 10/10 severity bugs need patching now

Cisco’s software for managing software-defined networks has three critical, remotely exploitable vulnerabilities.

Cisco patches critical Nexus flaws: Are your switches vulnerable?

You’ll need to wade through Cisco’s advisories to work out if software you’re running is vulnerable or already fixed.

Cisco: Update now to fix critical hardcoded password bug, remote code execution flaw

Cisco patches two serious authentication bugs and a Java deserialization flaw.

Cisco warns customers of critical security flaws, advisory includes Apache Struts

The massive security update includes a patch for the recently-disclosed Apache bug — but not all products will be fixed yet.

Cisco updates ASR 9000 edge routing platform to carry users to 5G, multicloud world TechRepublic

New automation software, a new networking processor, and a new operating system will help Cisco customers make the transition to next-generation networking.

Apple and Cisco pool their might to shield companies from cyber risks CNET

Apple and Cisco join forces to protect businesses from risk of cyber threats.

Credit: Source link

Previous Post

Snapd Flaw Lets Attackers Gain Root Access On Linux Systems

Next Post

Hotflashes & Bots bring in 2019, A Radical journey into tech!

Related Posts

Attorney-General urged to produce facts on US law enforcement access to COVIDSafe
Internet Security

Attorney-General urged to produce facts on US law enforcement access to COVIDSafe

February 26, 2021
This chart shows the connections between cybercrime groups
Internet Security

This chart shows the connections between cybercrime groups

February 26, 2021
Spy agency: Artificial intelligence is already a vital part of our missions
Internet Security

Spy agency: Artificial intelligence is already a vital part of our missions

February 26, 2021
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on
Internet Security

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

February 26, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

February 26, 2021
Next Post
Hotflashes & Bots bring in 2019, A Radical journey into tech!

Hotflashes & Bots bring in 2019, A Radical journey into tech!

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
Internet Privacy

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

February 26, 2021
The Beginner Guide for Creating a Multi-Vendor eCommerce Website
Data Science

The Beginner Guide for Creating a Multi-Vendor eCommerce Website

February 26, 2021
How Artificial Intelligence, Machine Learning will further advance Ed-tech sector?
Machine Learning

How Artificial Intelligence, Machine Learning will further advance Ed-tech sector?

February 26, 2021
Attorney-General urged to produce facts on US law enforcement access to COVIDSafe
Internet Security

Attorney-General urged to produce facts on US law enforcement access to COVIDSafe

February 26, 2021
Machine Learning & Big Data Analytics Education Market: Soaring Demand Assures Motivated Revenue Share During 2020-2030 – KSU
Machine Learning

Machine Learning & Big Data Analytics Education Market: Soaring Demand Assures Motivated Revenue Share During 2020-2030 – KSU

February 26, 2021
This chart shows the connections between cybercrime groups
Internet Security

This chart shows the connections between cybercrime groups

February 26, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware February 26, 2021
  • The Beginner Guide for Creating a Multi-Vendor eCommerce Website February 26, 2021
  • How Artificial Intelligence, Machine Learning will further advance Ed-tech sector? February 26, 2021
  • Attorney-General urged to produce facts on US law enforcement access to COVIDSafe February 26, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates