    Vulnerability found in Cisco software


    By Apac CIOOutlook | Thursday, January 01, 1970


    Recently, Cisco released 16 advisories, including 3 alerts on vulnerabilities rated critical. Though Cisco is a worldwide leader in IT and networking, even its software is susceptible to attack. The critical flaws comprise two authentication bypasses and a backdoor account in Cisco Digital Network Architecture (DNA) Center.

    Aimed at the company’s clients, the Cisco DNA Center is a complex piece of software that provides a central system for designing and deploying device configurations across a large network. The flaws came to light during a recent internal audit.

    a. CVE-2018-0222: This flaw is the easiest to take advantage of. It is a backdoor account on the system, which Cisco describes as "undocumented, static user credentials for the default administrative account". According to the company, it grants the attacker core privileges on the targeted systems. Users are advised to disable the account as soon as possible by applying the software patches; there is no other way to disable it until the updates are installed.

    b. CVE-2018-0268: The second weak point is an authentication bypass. Cisco’s DNA Center has a Kubernetes container management system embedded inside it. Someone who can access the Kubernetes service port can execute commands with elevated privileges within provisioned containers, according to a Cisco spokesperson. “The affected containers can be compromised if the bypass is successful.” There is no workaround for this flaw, and it is up to users to protect themselves by updating their DNA Center.

    c. CVE-2018-0271: This is an authentication bypass flaw in the API gateway of Cisco’s DNA Center. It occurs when URLs are not normalized before requests are serviced. The weakness can be exploited by submitting a crafted URL designed to take advantage of this. If the attack succeeds, the attacker can gain unauthorized access to critical services.
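The normalization problem described for CVE-2018-0271, shown as an added example that is not Cisco's code and not part of the original article: a constructed gateway that authorizes on the raw request path, beside one that canonicalizes the path first. The `/public` prefix, the sample paths and the backend's decode-then-collapse behaviour are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

PUBLIC = "/public"  # assumed unauthenticated area of a constructed gateway

def backend_resolve(raw_path):
    """Assumed backend behaviour: percent-decode, then collapse dot segments."""
    return posixpath.normpath(unquote(raw_path))

def allows_naive(raw_path, authenticated):
    """Vulnerable pattern: the decision is made on the path as received."""
    return authenticated or raw_path.startswith(PUBLIC + "/")

def canonicalize(raw_path):
    """Decode once, refuse ambiguous input, collapse dot segments and slashes."""
    path = unquote(raw_path)
    if unquote(path) != path or "\\" in path or "\x00" in path:
        raise ValueError("double-encoded or ambiguous path")
    return posixpath.normpath("/" + path.lstrip("/"))

def allows_hardened(raw_path, authenticated):
    """Decide on the canonical path and return it so only that form is forwarded."""
    try:
        canon = canonicalize(raw_path)
    except ValueError:
        return False, None
    ok = authenticated or canon == PUBLIC or canon.startswith(PUBLIC + "/")
    return ok, canon

# Constructed, unauthenticated sample requests.
SAMPLES = [
    "/public/docs/index.html",
    "/public/..%2fadmin/users",
    "/public/%2e%2e/admin/users",
    "/public/%252e%252e/admin/users",
]

def compare(samples=SAMPLES):
    """Rows of (raw path, naive decision, what the backend serves, hardened result)."""
    return [(raw, allows_naive(raw, False), backend_resolve(raw),
             allows_hardened(raw, False)) for raw in samples]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The naive check and the backend disagree about which resource a path names; the hardened check removes that disagreement by deciding on, and forwarding, a single canonical form.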

    Although Cisco has resolved all three vulnerabilities, that does not ensure similar weaknesses will not appear in the future. This is because the company follows the practice of hardcoding passwords, embedding them in the source code, which leaves the system vulnerable and susceptible to attack.
