Cisco critical bugs: Nexus data center switch software needs patching now

Cisco has disclosed a dozen bugs affecting its Data Center Network Manager (DCNM) software, including three critical authentication-bypass bugs that expose enterprise customers to remote attacks.

Cisco warns that a remote attacker can bypass DCNM’s authentication and carry out tasks with administrative privileges on an affected device. 

The available updates are highly important for enterprise data centers built with its Nexus NX-OS-based switches. DCNM is a key component for automating NX-OS-based network infrastructure deployments. 

Cisco points to three separate authentication bypass vulnerabilities in a single advisory. They’re tagged as CVE-2019-15975, CVE-2019-15975, and CVE-2019-15977 and the trio have a severity rating of 9.8 out of a possible 10, meaning they are firmly critical security issues.  

The bugs “could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device”, Cisco said.

Despite the common advisory, Cisco explains the vulnerabilities are independent of each other and that exploitation of one isn’t required to exploit another. 

The first bug is due to a static encryption key that’s shared between installations. The issue resides in the REST API endpoint of DCNM. It allows an attacker to use the static key to generate a valid session token and potentially carry out actions at will through the REST API with administrative privileges. 

The second bug stems from the same problem. However, it lies in the SOAP API endpoint of DCNM. “A successful exploit could allow the attacker to perform arbitrary actions through the SOAP API with administrative privileges,” Cisco warned. 
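Why a key shared between installations defeats authentication, as an added illustration that is not Cisco's code and does not reproduce DCNM's token format: the HMAC-signed token, the `Install` class and the `SHIPPED_KEY` placeholder are all constructed for this example. A token minted on one deployment verifies on any other that ships the same key, while a key generated at install time confines tokens to the deployment that issued them.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed placeholder for a key compiled into every copy of a product.
SHIPPED_KEY = b"same-bytes-in-every-install"


def sign_token(key: bytes, claims: dict) -> str:
    """Serialize the claims and append an HMAC-SHA256 tag computed with key."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def verify_token(key: bytes, token: str):
    """Return the claims if the tag verifies under key, otherwise None."""
    body, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


class Install:
    """One deployment of the hypothetical service."""

    def __init__(self, per_install_key: bool):
        # Weak setting: reuse the key shipped with the software.
        # Hardened setting: generate a random key when the product is installed.
        self.key = secrets.token_bytes(32) if per_install_key else SHIPPED_KEY

    def login(self, user: str, role: str) -> str:
        return sign_token(self.key, {"user": user, "role": role})

    def authorize(self, token: str):
        return verify_token(self.key, token)


def token_accepted_across_installs(per_install_key: bool) -> bool:
    """Mint a token on install A and present it to an unrelated install B."""
    a, b = Install(per_install_key), Install(per_install_key)
    token = a.login("ops", "admin")
    return a.authorize(token) is not None and b.authorize(token) is not None
```
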

The third bug exists because Cisco included hard-coded credentials for the web-based user interface, which could allow an attacker to access a section of the web interface and obtain confidential information from an affected device.

Cisco says it fixed these vulnerabilities in Cisco DCNM Software releases 11.3(1) and later on Windows, Linux, and virtual appliance platforms. 

The bugs were reported by Steven Seeley via Trend Micro’s Zero Day Initiative and iDefense, Accenture.

Seeley’s advice to customers is to patch DCNM now and, if that’s not possible, uninstall the software.

Seeley also found three high-severity bugs in the REST and SOAP API endpoints and the Application Framework feature of DCNM. The bugs could allow an authenticated remote attacker to conduct directory traversal attacks on an affected device.

The bugs affect Cisco DCNM prior to Release 11.3(1) for Windows, Linux, and virtual appliance platforms. All three bugs were due to insufficient validation of user-supplied input to the respective interfaces. 

Two extra bugs he found in DCNM included a high-severity command-injection flaw in DCNM REST and SOAP API endpoints and a medium-severity issue in DCNM. 
