

Cisco critical-flaw warning: These two bugs in our data-center gear need patching now




Networking giant Cisco has disclosed two critical vulnerabilities affecting core equipment in the data center that could give determined attackers an avenue to break into networks. 

Cisco’s Digital Network Architecture (DNA) Center appliance has once again been found to be vulnerable to an authentication bypass, which could allow an “adjacent” attacker to skip authentication and cause damage to an organization’s critical internal services.    

DNA Center allows admins to add new devices to the network and manage them based on enterprise policies. 

The flaw, tagged as CVE-2019-1848, exists because Cisco didn’t sufficiently restrict access to ports used to operate the system. The vulnerability would allow an attacker to connect an unauthorized device to the network.

“A successful exploit could allow an attacker to reach internal services that are not hardened for external access,” Cisco notes in the advisory. 

The bug is rated critical with a CVSS score of 9.3 out of a possible 10 and affects Cisco DNA Center software releases prior to 1.3. 

It’s not quite as bad as last year’s authentication bypass affecting the DNA Center software, which allowed a remote attacker to take complete control of the software’s identity-management functions.  

A slightly less severe but also critical-rated flaw, CVE-2019-1625, affects the command-line interface of Cisco’s SD-WAN Solution. An attacker would need to be authenticated and have access to the equipment already, but this flaw could allow an escalation of privileges to root user on the affected device. 

“The vulnerability is due to insufficient authorization enforcement,” Cisco explains. 

“An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.”

The bug affects Cisco’s vBond Orchestrator Software, vEdge Series Routers from the 100, 1000, 2000, and 5000 range, vEdge Cloud Router Platform, vManage Network Management Software, and vSmart Controller Software. 

The products are vulnerable if they are running on Cisco SD-WAN Solution prior to releases 18.3.6, 18.4.1, and 19.1.0. 
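For teams checking an inventory against the release numbers above, the following is an added example, not code from Cisco or from this article. It assumes the three SD-WAN releases are the first fixed release on each train, conservatively treats any unlisted train older than 19.1.0 as vulnerable, and uses a constructed inventory with hypothetical hostnames.

```python
import re

# First fixed releases as quoted in the article.
SDWAN_FIXED = [(18, 3, 6), (18, 4, 1), (19, 1, 0)]   # CVE-2019-1625
DNAC_FIXED = (1, 3, 0)                                # CVE-2019-1848

def parse_version(text):
    """Turn '18.3.5' or '1.3.0.2' into a 3-tuple of ints, zero-padded."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def sdwan_vulnerable(version):
    """True if an SD-WAN release predates the fix for its train."""
    v = parse_version(version)
    for fixed in SDWAN_FIXED:
        if v[:2] == fixed[:2]:          # same major.minor train
            return v < fixed
    # Assumption: a train with no listed fix is only safe if it is
    # newer than the latest fixed release.
    return v < max(SDWAN_FIXED)

def dnac_vulnerable(version):
    """True if a DNA Center release is prior to 1.3."""
    return parse_version(version) < DNAC_FIXED

CHECKS = {"sdwan": sdwan_vulnerable, "dnac": dnac_vulnerable}

def audit(inventory):
    """Return hostnames whose software still needs the update."""
    return [host for host, product, version in inventory
            if CHECKS[product](version)]

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("vedge-branch-01", "sdwan", "18.3.5"),
    ("vsmart-dc-01",    "sdwan", "18.3.6"),
    ("vmanage-dc-01",   "sdwan", "18.4.0"),
    ("vbond-dc-01",     "sdwan", "19.2.0"),
    ("dnac-01",         "dnac",  "1.2.10"),
    ("dnac-02",         "dnac",  "1.3.0.2"),
]

if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(f"{host}: update required")
```
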

Fortunately, both critical bugs were found during internal testing at Cisco and are not known to have been exploited in the wild.   

Cisco has also disclosed 23 other high- and medium-severity vulnerabilities affecting a range of its products. Details are available on Cisco’s advisories and alerts page.   

One notable flaw affects RV110W, RV130W, and RV215W Routers, which are vulnerable to a denial-of-service attack from an unauthenticated, remote attacker. The flaw resides in the web management interface of these devices due to improper checks on data supplied by users. 

“An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and cause a DoS condition,” Cisco explains.

Cisco in February urged customers to patch these devices due to a much more serious flaw affecting them. Both this and the newly disclosed bug were reported by researchers at security firm Pen Test Partners. 
