New Cisco critical bugs: 9.8/10-severity Nexus security flaws need urgent update

Cisco has revealed two more highly critical security bugs affecting its data-center software, a week after telling customers to patch core network-management products.  

The newly disclosed bugs affect Cisco’s Data Center Network Manager (DCNM) software and once again are in its web-based management interface. 

Both flaws can be exploited by anyone on the internet and are rated as critical, with severity ratings of 9.8 out of 10. 

DCNM is the network management system for all NX-OS systems that use Cisco’s Nexus hardware in data centers. The software is used to automate provisioning, troubleshooting, and spotting configuration errors. 

In other words, it’s a crucial piece of software for organizations that use Nexus switches, whose NX-OS operating system got patches for an equally severe flaw in May.    

The first issue, CVE-2019-1619, is an authentication bypass in DCNM’s web interface that allows an attacker to obtain a valid session cookie without knowing the admin user password.

Attackers would need to send a specially crafted HTTP request to an undisclosed but specific web servlet on affected devices to get that session cookie. Should attackers gain the cookie, they’d be able to control the device with administrative privileges. 

Cisco has now excised that particular web servlet in DCNM software release 11.1(1). However, it had deprecated the servlet in release 11.0(1), meaning it had removed the attack vector in that version already. 

The company is urging customers to upgrade to DCNM software release 11.1(1), which it released in early May, or later to address the issue.

The second flaw would allow anyone on the internet to upload malicious files to the DCNM filesystem on affected devices. Again, this bug is due to an undisclosed but specific web servlet that Cisco removed completely in software release 11.2(1), which Cisco released in June.

“The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device,” Cisco explained in its advisory for the bug CVE-2019-1620.  

“A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.”

While customers on DCNM release 11.2(1) and later should be safe, Cisco notes that attackers targeting release 11.1(1) could gain unauthenticated access to the affected web servlet and exploit the flaw. In the 11.0(1) release, an attacker would need to be authenticated to the DCNM web interface to exploit it.
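For teams with several DCNM instances, the release thresholds reported above can be turned into a quick inventory triage. The following is an added example, not code from Cisco or from the original article; the host names and the inventory are constructed, and it assumes that releases falling between the ones named in the article behave like the nearest lower named release.

```python
import re

# Release thresholds as reported in the article above.
R_11_0_1, R_11_1_1, R_11_2_1 = (11, 0, 1), (11, 1, 1), (11, 2, 1)

def parse_release(text):
    """Turn a DCNM release string such as '11.1(1)' into (11, 1, 1)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\((\d+)\)\s*", text)
    if m is None:
        raise ValueError(f"unrecognised DCNM release: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(release):
    """Map one release to its reported status for both CVEs."""
    v = parse_release(release)
    if v >= R_11_1_1:
        bypass = "fixed"
    elif v >= R_11_0_1:
        bypass = "servlet deprecated, upgrade advised"
    else:
        bypass = "exposed"
    if v >= R_11_2_1:
        upload = "fixed"
    elif v >= R_11_1_1:
        upload = "exposed, no authentication needed"
    elif v >= R_11_0_1:
        upload = "exposed, authentication needed"
    else:
        upload = "not stated in the article"  # check Cisco's advisory
    return {"CVE-2019-1619": bypass, "CVE-2019-1620": upload}

def needs_upgrade(inventory):
    """Return hosts running a release older than 11.2(1), oldest first."""
    stale = [(parse_release(r), h) for h, r in inventory.items()
             if parse_release(r) < R_11_2_1]
    return [h for _, h in sorted(stale)]

# Constructed inventory: host names and releases are made up for the example.
SAMPLE_INVENTORY = {
    "dcnm-lab": "11.2(1)",
    "dcnm-dc1": "11.1(1)",
    "dcnm-dc2": "11.0(1)",
    "dcnm-old": "10.4(2)",
}

if __name__ == "__main__":
    for host, rel in SAMPLE_INVENTORY.items():
        print(host, rel, triage(rel))
    print("upgrade first:", needs_upgrade(SAMPLE_INVENTORY))
```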

Both bugs were found by Pedro Ribeiro, who reported them through iDefense’s Vulnerability Contributor Program. Cisco said it is not currently aware of any attacks that exploit these bugs.
