Networking giant Cisco has disclosed two critical vulnerabilities affecting core equipment in the data center that could give determined attackers an avenue to break into networks.
Cisco’s Digital Network Architecture (DNA) Center appliance has once again been found to be vulnerable to an authentication bypass, which could allow an “adjacent” attacker to skip authentication and cause damage to an organization’s critical internal services.
DNA Center allows admins to add new devices to the network and manage them based on enterprise policies.
The flaw, tagged as CVE-2019-1848, stems from Cisco not sufficiently restricting access to ports used to operate the system. The vulnerability would allow an attacker to connect an unauthorized device to the network.
“A successful exploit could allow an attacker to reach internal services that are not hardened for external access,” Cisco notes in the advisory.
The bug is rated critical with a CVSS score of 9.3 out of a possible 10 and affects Cisco DNA Center software releases prior to 1.3.
It’s not quite as bad as last year’s authentication bypass affecting the DNA Center software, which allowed a remote attacker to take complete control of the software’s identity-management functions.
A slightly less severe but also critical-rated flaw, CVE-2019-1625, affects the command-line interface of Cisco’s SD-WAN Solution. An attacker would need to be authenticated and have access to the equipment already, but this flaw could allow an escalation of privileges to root user on the affected device.
“The vulnerability is due to insufficient authorization enforcement,” Cisco explains.
“An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.”
The bug affects Cisco’s vBond Orchestrator Software, vEdge Series Routers from the 100, 1000, 2000, and 5000 range, vEdge Cloud Router Platform, vManage Network Management Software, and vSmart Controller Software.
The products are vulnerable if they are running a Cisco SD-WAN Solution release prior to 18.3.6, 18.4.1, and 19.1.0.
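An added example, not part of the original article or of Cisco's advisories: an inventory triage that flags devices below the fixed releases quoted above for CVE-2019-1848 and CVE-2019-1625. The inventory format, the product keys and the per-train reading of the three SD-WAN release numbers are assumptions of this example.

```python
import re

# Fixed releases as given in the article. Treating each SD-WAN number as the
# first fixed release of its own train (18.3.x, 18.4.x, 19.1.x) is an assumption.
SDWAN_FIXED = [(18, 3, 6), (18, 4, 1), (19, 1, 0)]
DNAC_FIXED = (1, 3, 0)  # article: DNA Center releases prior to 1.3 are affected

def parse_version(text):
    """'18.3.5' -> (18, 3, 5); pads short versions, rejects non-numeric ones."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def sdwan_status(version):
    v = parse_version(version)
    for fixed in SDWAN_FIXED:
        if v[:2] == fixed[:2]:            # same release train
            return "affected" if v < fixed else "fixed"
    if v < SDWAN_FIXED[0]:                # older than every fixed train
        return "affected"
    if v > SDWAN_FIXED[-1]:               # newer than every fixed train
        return "fixed"
    return "check advisory"               # train not named in the article

def dnac_status(version):
    return "affected" if parse_version(version) < DNAC_FIXED else "fixed"

# Hypothetical product keys mapped to the CVE and the check that applies.
CHECKS = {"sd-wan": ("CVE-2019-1625", sdwan_status),
          "dna-center": ("CVE-2019-1848", dnac_status)}

def triage(inventory):
    """Return (host, cve, status) for every device whose product has a check."""
    findings = []
    for dev in inventory:
        if dev["product"] in CHECKS:
            cve, check = CHECKS[dev["product"]]
            findings.append((dev["host"], cve, check(dev["version"])))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    {"host": "vedge-01", "product": "sd-wan", "version": "18.3.5"},
    {"host": "vsmart-01", "product": "sd-wan", "version": "18.4.1"},
    {"host": "dnac-01", "product": "dna-center", "version": "1.2.10"},
    {"host": "core-sw-01", "product": "switch", "version": "16.9.3"},
]

if __name__ == "__main__":
    for host, cve, status in triage(INVENTORY):
        print(f"{host:10} {cve:14} {status}")
```

A release train the article does not name returns "check advisory" rather than a guess, so those devices are routed to a manual check against Cisco's advisory.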
Fortunately, both critical bugs were found during internal testing at Cisco and are not known to have been exploited in the wild.
Cisco has also disclosed 23 other high- and medium-severity vulnerabilities affecting a range of its products. Details are available on Cisco’s advisories and alerts page.
One notable flaw affects RV110W, RV130W, and RV215W Routers, which are vulnerable to a denial-of-service attack from an unauthenticated, remote attacker. The flaw resides in the web management interface of these devices due to improper checks on data supplied by users.
“An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and cause a DoS condition,” Cisco explains.
Cisco in February urged customers to patch these devices due to a much more serious flaw affecting them. Both this and the newly disclosed bug were reported by researchers at security firm Pen Test Partners.