Connect with us

Cars

Cisco critical-flaw warning: These two bugs in our data-center gear need patching now

Published

on

Cisco: DNS attacks will undermine trust in the internet
Sophisticated hacking group taps wide set of vulnerabilities as part of their global hacking spree.

Networking giant Cisco has disclosed two critical vulnerabilities affecting core equipment in the data center that could give determined attackers an avenue to break into networks. 

Cisco’s Digital Network Architecture (DNA) Center appliance has once again been found to be vulnerable to an authentication bypass, which could allow an “adjacent” attacker to skip authentication and cause damage to an organization’s critical internal services.    

DNA Center allows admins to add new devices to the network and manage them based on enterprise policies. 

The flaw, tagged as CVE-2019-1848, is because Cisco didn’t sufficiently restrict access to ports used to operate the system. The vulnerability would allow an attacker to connect an unauthorized device to the network. 

“A successful exploit could allow an attacker to reach internal services that are not hardened for external access,” Cisco notes in the advisory. 

The bug is rated critical with a CVSS score of 9.3 out of a possible 10 and affects Cisco DNA Center software releases prior to 1.3. 

It’s not quite as bad as last year’s authentication bypass affecting the DNA Center software, which allowed a remote attacker to take complete control of the software’s identity-management functions.  

A slightly less severe but also critical-rated flaw, CVE-2019-1625, affects the command-line interface of Cisco’s SD-WAN Solution. An attacker would need to be authenticated and have access to the equipment already, but this flaw could allow an escalation of privileges to root user on the affected device. 

“The vulnerability is due to insufficient authorization enforcement,” Cisco explains. 

“An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.”

The bug affects Cisco’s vBond Orchestrator Software, vEdge Series Routers from the 100, 1000, 2000, and 5000 range, vEdge Cloud Router Platform, vManage Network Management Software, and vSmart Controller Software. 

The products are vulnerable if they are running on Cisco SD-WAN Solution prior to releases 18.3.6, 18.4.1, and 19.1.0. 

Fortunately, both critical bugs were found during internal testing at Cisco and are not known to have been exploited in the wild.   

Cisco has also disclosed 23 other high- and medium-severity vulnerabilities affecting a range of its products. Details are available on Cisco’s advisories and alerts page.   

One notable flaw affects RV110W, RV130W, and RV215W Routers, which are vulnerable to a denial-of-service attack from an unauthenticated, remote attacker. The flaw resides in the web management interface of these devices due to improper checks on data supplied by users. 

“An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition,” Cisco explains.  

Cisco in February urged customers to patch these devices due to a much more serious flaw affecting them. Both this and the newly disclosed bug were reported by researchers at security firm Pen Test Partners. 

More on Cisco and security

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Cars

Today’s Wordle Answer #472 – October 4, 2022 Solution And Hints

Published

on

The answer to today’s Wordle puzzle (#472 – October 4, 2022) is bough, which is what you call a branch, especially the main branch, of a tree. The word bough has roots (no pun intended) in the Old English word “bōg,” which means shoulder, similar to Old High German’s “buog,” which means the same thing (via Etymonline). There’s a popular Roman myth about the Golden Bough, which is a tree branch with golden leaves that enabled the trojan hero Aeneas to travel safely through the land of the dead. 

We solved the puzzle in three tries today, kicking things off with an expert-endorsed starter word, slate. We tried the word brush next, which turned out to be a really lucky guess with three green tiles. The answer was apparent by the third guess, and since we also solved the puzzle in three guesses yesterday, that begins a three-try streak that we hope we can continue tomorrow!

Continue Reading

Cars

How To Display iPhone 14 Pro’s Dynamic Island On Any Android Device

Published

on

You can also choose whether to display the cutout at the center of the display (for hole-punch cameras on the center of the display) or on the left for cameras placed in the corner. Remember that as you increase or decrease the cutout size, the icons shown in it will also scale to match. Thankfully, the app gives you a preview of the cutout when you are changing the settings.

You can also modify gestures such as single tap or long press. Dynamic Spot also allows you to change the default time, after which the pop-up automatically disappears. Additionally, you can fiddle with a lot of appearance-related settings, such as the animation when the Dynamic Island clone pops up or unfolds.

Just as on the iPhone 14 Pro, the Dynamic Spot on your Android app will show the app icon when a new notification arrives. You may selectively choose which apps display the notifications or allow all apps of them. You can also tap on the app’s icon to open the notification or long-press the icon to preview the notification.

Continue Reading

Cars

The 10 Wildest Features Of The Mercedes Maybach Off-Roader

Published

on

Sustainability is a word on every car manufacturer’s radar right now, with more focus being given to the idea of eco-friendly vehicles than ever before. The Off-Roader plays into that theme by featuring a prominent set of solar panels mounted on its hood, which could be used to generate power to extend the range of the car. It’s worth pointing out that this is all hypothetical, as the show car is non-functional, and has no drivetrain. Mercedes is keen to stress, though, that if the car did have a drivetrain, it would be all-electric, although no detail is given on the power or range that would be available to drivers.

The solar panels are interwoven with yet more Maybach logos, and their tinted finish makes them blend in almost seamlessly with the rest of the hood. It’s been pointed out by industry analysts that adding solar panels to cars is not always as environmentally friendly as it might seem, as the panels are only able to generate a very small amount of power. That power can easily be consumed by the added A/C strain caused by parking a car out in the sun all day to charge it. Car-mounted solar panels might be a flawed idea in practice, but even so, it’s interesting to see how Abloh was able to inconspicuously add them in without compromising the overall look of the car.

Continue Reading

Trending