Cisco critical-flaw warning: These two bugs in our data-center gear need patching now

[InfoSec News <alerts () infosecnews org>]

https://www.zdnet.com/article/cisco-critical-flaw-warning-these-two-bugs-in-our-data-center-gear-need-patching-now/

By Liam Tung
ZDNet News
June 20, 2019

Networking giant Cisco has disclosed two critical vulnerabilities 
affecting core equipment in the data center that could give determined 
attackers an avenue to break into networks.

Cisco's Digital Network Architecture (DNA) Center appliance has once again 
been found to be vulnerable to an authentication bypass, which could allow 
an "adjacent" attacker to skip authentication and cause damage to an 
organization's critical internal services.

DNA Center allows admins to add new devices to the network and manage them 
based on enterprise policies.

The flaw, tagged as CVE-2019-1848, is because Cisco didn't sufficiently 
restrict access to ports used to operate the system. The vulnerability 
would allow an attacker to connect an unauthorized device to the network.

[...]




--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_