    Vulnerability found in Cisco software


    By Apac CIOOutlook | Thursday, January 01, 1970


    Recently, Cisco released 16 advisories, 3 of which were alerts on vulnerabilities rated critical. Though Cisco is a worldwide leader in IT and networking, even its software is susceptible to attack. The critical flaws comprise two authentication bypasses and a backdoor account in Cisco Digital Network Architecture (DNA) Center.

    Aimed at the company’s clients, the Cisco DNA Center is a complex piece of software that provides a central system for designing and deploying device configurations across a large network. The flaws came to light during a recent internal audit.

    a. CVE-2018-0222: This flaw is the easiest to take advantage of. It is a backdoor account on the system, which Cisco describes as "undocumented, static user credentials for the default administrative account". According to the company, it gives an attacker root privileges on the targeted systems. Users are advised to disable the account as soon as possible by applying the software patches, as there is no other way to disable it until the updates are installed.

    b. CVE-2018-0268: The second weakness is an authentication bypass. Cisco’s DNA Center has a Kubernetes container management system embedded in it. Someone who can reach the Kubernetes service port can execute commands with elevated privileges within provisioned containers, according to a Cisco spokesperson. “The affected containers can be compromised if the bypass is successful.” There is no other way to mitigate this flaw, and it is up to users to protect themselves by updating their DNA Center.

    c. CVE-2018-0271: This is an authentication bypass flaw in the API gateway of Cisco’s DNA Center. It occurs because URLs are not normalized before requests are serviced. The weakness can be exploited by submitting a crafted URL designed to take advantage of this. If the attacker succeeds, the result can be unauthorized access to critical services.
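The class of flaw in item c, an access decision made on a URL that has not yet been normalized, is shown below as an added example that is not from the article or from Cisco. The `/public/` policy, the function names and the sample request targets are all hypothetical and do not describe how DNA Center handles requests.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical route policy: only paths under /public/ skip authentication.
PUBLIC_PREFIX = "/public/"

def naive_requires_auth(target: str) -> bool:
    """Flawed: decides on the raw request path, before any normalization."""
    return not target.split("?", 1)[0].startswith(PUBLIC_PREFIX)

def canonical_path(target: str) -> Optional[str]:
    """Return the path as a backend would resolve it, or None to reject."""
    path = target.split("?", 1)[0]
    for _ in range(3):                      # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None                         # still encoded after 3 passes
    if not path.startswith("/") or "\\" in path or "\x00" in path:
        return None
    # Resolve "." and ".." segments and collapse repeated slashes.
    return "/" + posixpath.normpath(path).lstrip("/")

def requires_auth(target: str) -> bool:
    """Hardened: normalize first, then apply the policy to the result."""
    path = canonical_path(target)
    if path is None:
        return True                         # fail closed on odd input
    return not (path + "/").startswith(PUBLIC_PREFIX)

# Constructed sample request targets (not taken from any advisory).
SAMPLES = [
    "/public/docs/index.html",
    "/public/../admin/users",
    "/public/%2e%2e/admin/users",
    "/public/%252e%252e/admin/users",
    "/admin/users?next=/public/",
]

def compare(samples=SAMPLES):
    """Map each target to (naive decision, hardened decision)."""
    return {t: (naive_requires_auth(t), requires_auth(t)) for t in samples}

if __name__ == "__main__":
    for target, (naive, hardened) in compare().items():
        print(f"{target:34} naive_auth={naive!s:5} hardened_auth={hardened}")
```

The hardened check only holds if the gateway forwards the canonical path it evaluated, or rejects non-canonical requests outright, so that the policy decision and the backend resolve the same resource.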

    Although Cisco has resolved all three vulnerabilities, that does not ensure that similar weaknesses will not appear in the future. This is because the company follows the practice of hardcoding passwords, in which passwords are embedded in the source code, leaving the system vulnerable to attack.
