Cisco patches critical Smart Install flaw: 8.5 million devices affected. Cisco has released fixes for 34 flaws in its software, including 24 that affect its FXOS software for Firepower firewalls and NX-OS software for Nexus switches. Cisco's June updates include fixes for five critical arbitrary code execution vulnerabilities affecting FXOS and NX-OS and 19 high-rated flaws affecting the software. A dozen of them affect both FXOS and NX-OS, while the remaining only affect NX-OS. Cisco says that none of the flaws affects its IOS or IOS XE software.
Cisco have fixed a critical vulnerability that could expose servers to remote hackers. Cisco removed this bug from its Access Control Server (ACS) after receiving reports from Positive Technologies. As reported on Thursday by Positive Technologies, two of their experts detected a critical bug in Cisco's ACS that could allow hackers to access users' credentials and further exploit a LAN. The experts Mikhail Klyuchnikov and Yury Aleynov found this bug in the web interface of Access Control System (ACS) for Cisco. The vulnerability CVE-2018-0253 has received a CVSS v3.0 score of 9.8 out of 10.
A "critical"-rated bug in one of Cisco's network access management devices could have allowed hackers to remotely break into corporate networks. The bug was found in Cisco's Secure Access Control System (ACS), which system administrators use to authenticate users across a network. Now, two security researchers at Positive Technologies, which reported the bug to Cisco, explained that an attacker could gain near-unfettered access to a corporate network. According to the researchers, an attacker already on the network could collect or modify the credentials of users on network devices and perform man-in-the-middle attacks. If a device was accessible to the internet, the device would be at far greater risk of remote attacks.
Cisco patches critical Smart Install flaw: 8.5 million devices affected. Cisco is warning customers who use its new Digital Network Architecture (DNA) Center software to install newer releases that address three critical vulnerabilities that can give remote attackers access to enterprise networks. Cisco over the past few months has rolled out new DNA Center releases that address serious authentication flaws that, it revealed on Wednesday, affect earlier releases. The first DNA Center release was made available in January 2018, but it and versions up to 1.1.3 Cisco discovered two of the bugs during an internal audit, one of which consisted of undocumented, hardcoded user credentials for the default administrative account of DNA Center.
Video: The 2013 flaw that's still used to turn Linux servers into coin miners today Cisco has released patches for 34 vulnerabilities mostly affecting its IOS and IOS XE networking software, including three critical remote code execution security bugs. Perhaps the most serious issue Cisco has released a patch for is critical bug CVE-2018-0171 affecting Smart Install, a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software. A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code. Embedi, the security firm that found the flaw, initially believed it could only be exploited within an enterprise's network. However, it found millions of affected devices exposed on the internet.