Information Security News mailing list archives
Cisco critical-flaw warning: These two bugs in our data-center gear need patching now
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 24 Jun 2019 09:44:19 +0000 (UTC)
https://www.zdnet.com/article/cisco-critical-flaw-warning-these-two-bugs-in-our-data-center-gear-need-patching-now/ By Liam Tung ZDNet News June 20, 2019Networking giant Cisco has disclosed two critical vulnerabilities affecting core equipment in the data center that could give determined attackers an avenue to break into networks.
Cisco's Digital Network Architecture (DNA) Center appliance has once again been found to be vulnerable to an authentication bypass, which could allow an "adjacent" attacker to skip authentication and cause damage to an organization's critical internal services.
DNA Center allows admins to add new devices to the network and manage them based on enterprise policies.
The flaw, tagged as CVE-2019-1848, is because Cisco didn't sufficiently restrict access to ports used to operate the system. The vulnerability would allow an attacker to connect an unauthorized device to the network.
[...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Cisco critical-flaw warning: These two bugs in our data-center gear need patching now InfoSec News (Jun 24)