Cisco critical bugs: Nexus data center switch software needs patching now


Cisco has disclosed a dozen bugs affecting its Data Center Network Manager (DCNM) software, including three critical authentication-bypass bugs that expose enterprise customers to remote attacks.

Cisco warns that a remote attacker can bypass DCNM’s authentication and carry out tasks with administrative privileges on an affected device. 

The available updates are highly important for enterprise data centers built with Cisco's Nexus NX-OS-based switches. DCNM is a key component for automating NX-OS-based network infrastructure deployments.

Cisco points to three separate authentication bypass vulnerabilities in a single advisory. They're tagged as CVE-2019-15975, CVE-2019-15975, and CVE-2019-15977, and the trio has a severity rating of 9.8 out of a possible 10, meaning they are firmly critical security issues.

The bugs “could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device”, Cisco said.

Despite the common advisory, Cisco explains the vulnerabilities are independent of each other and that exploitation of one isn’t required to exploit another. 

The first bug is due to a static encryption key that’s shared between installations. The issue resides in the REST API endpoint of DCNM. It allows an attacker to use the static key to generate a valid session token and potentially carry out actions at will through the REST API with administrative privileges. 

The second bug stems from the same problem. However, it lies in the SOAP API endpoint of DCNM. “A successful exploit could allow the attacker to perform arbitrary actions through the SOAP API with administrative privileges,” Cisco warned. 
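The static-key problem behind the first two bugs, as an added illustration that is not Cisco's code and does not reproduce DCNM's token format: a generic HMAC-signed session token stands in for the product's scheme, and every name and key value below is constructed. It contrasts a verifier that trusts a key shipped in every copy with one that uses a secret generated per installation.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed value standing in for a key compiled into every copy of a product.
SHIPPED_STATIC_KEY = b"example-key-identical-in-every-install"

def issue_token(key: bytes, user: str, role: str, ttl: int = 900, now=None) -> str:
    """Serialize the claims and append an HMAC-SHA256 tag computed with `key`."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "role": role, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"

def verify_token(key: bytes, token: str, now=None):
    """Return the claims if the tag and expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    body, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return claims if claims.get("exp", 0) > now else None

def new_install_key() -> bytes:
    """Hardened form: each installation generates its own random secret at setup."""
    return secrets.token_bytes(32)

def demo() -> dict:
    # Token produced by anyone who holds the shipped key; no login is involved.
    minted_elsewhere = issue_token(SHIPPED_STATIC_KEY, "admin", "network-admin")
    server_a_key, server_b_key = new_install_key(), new_install_key()
    own_token = issue_token(server_a_key, "alice", "operator")
    return {
        "static_key_server_accepts": verify_token(SHIPPED_STATIC_KEY, minted_elsewhere) is not None,
        "per_install_server_accepts": verify_token(server_a_key, minted_elsewhere) is not None,
        "own_token_accepted": verify_token(server_a_key, own_token) is not None,
        "other_install_accepts": verify_token(server_b_key, own_token) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

With a per-installation secret, knowledge of one deployment's key material says nothing about any other deployment, which is the property a shared static key removes.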

The third bug exists because Cisco added hard-coded credentials for the web-based user interface, which could allow an attacker to access a section of the web interface and obtain confidential information from an affected device.

Cisco says it fixed these vulnerabilities in Cisco DCNM Software releases 11.3(1) and later on Windows, Linux, and virtual appliance platforms. 

The bugs were reported by Steven Seeley via Trend Micro’s Zero Day Initiative and iDefense, Accenture.

Seeley’s advice to customers is to patch DCNM now and, if that’s not possible, uninstall the software.

Seeley also found three high-severity bugs in the REST and SOAP API endpoints and the Application Framework feature of DCNM. The bugs could allow an authenticated remote attacker to conduct directory traversal attacks on an affected device.

The bugs affect Cisco DCNM prior to Release 11.3(1) for Windows, Linux, and virtual appliance platforms. All three bugs were due to insufficient validation of user-supplied input to the respective interfaces. 

Two extra bugs he found in DCNM included a high-severity command-injection flaw in DCNM REST and SOAP API endpoints and a medium-severity issue in DCNM. 

