Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Transformation

    Drone

    HPC

    Internet of Things

    IT Services

    Marine Tech

    Networking

    Plastic Tech

    PropTech

    Robotics

    Sensor Tech

    Simulation

    Smart City

    Software Testing

    Startup

    Storage

    Unified Communication

    Web Development

    Wireless

  • Automotive

    Banking

    Capital Market

    Compliance

    Construction

    Custom Software Development

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Travel and Hospitality

  • CISCO

    Google

    IBM

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cognitive

    Collaboration

    Contact Center

    Corporate Finance

    CRM

    Data Center

    Digital Signage

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Communications

    Enterprise Performance Management

    ERP

    Facility Management

    Field Service

    Fleet Management

    Gamification

    HR Technology

    IT Infrastructure

    IT Service Management

    Managed Services

    PLM

    Procurement

    Project Management

    RegTech

    Revenue Management

    Sales Tech

Menu
    • Amazon
    • Cloud
    • HPC
    • Capital Market
    • Collaboration
    • CEM
    • Drone
    • Facility Management
    • Fleet Management
    • Food and Beverages
    • Business Intelligence
    • IBM
    • Insurance
    • IT Infrastructure
    • Legal
    • Marine Tech
    • Networking
    • Plastic Tech
    • Procurement
    • RegTech
    • Sensor Tech
    • Simulation
    More
    Fleet Management Food and Beverages Business Intelligence IBM Insurance IT Infrastructure Legal Marine Tech Networking Plastic Tech Procurement RegTech Sensor Tech Simulation
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • News
    • CISCO
    Editor's Pick (1 - 4 of 8)
    left
    What's to come in 2015 - IT Trends in Customer Service

    Michael Ringman,

    Cisco Solution Provider Partners Navigate New Waters to Provide Business Continuity Solutions

    Rus Healy, Chief Technology Architect, Annese & Associates

    Using Cisco to choose High Performance Partner References

    Jeff Marshall, Director, North American Cisco Practice, Servion Global Solutions

    How to Evaluate the Partners and Solutions in the Cisco Ecosystem

    Steve Blacklock,

    Stop Taking Turns and Start Taking Action: True Collaboration Occurs Within a Shared Workspace

    David Kung, VP Product Strategy, Oblong Industries

    Cisco Stakes Its Claim on the Data Center - Even Your Toaster Will Go Sci-Fi

    Michael Watkins,

    The Move to the Cloud: Making Economic Sense of the Hype

    Bernd Schlotter,

    The IoT is Reality in Industrial Applications

    Bob Karschnia, VP Wireless, Emerson Process Management

    right

    Vulnerability found in Cisco software

    By Apac CIO Outlook | Monday, December 03, 2018
    Tweet

    Recently, Cisco released 16 advisories that included 3 alerts on vulnerabilities with a critical rating. Though Cisco is a worldwide leader in IT and networking, even its software is susceptible to hacking. The liabilities include two bypasses of the authentication system and a backdoor account for Cisco Digital Network Architecture (DNA) Center.

    Aimed at the company’s clients, the Cisco DNA Center is a piece of complex software providing a central system for designing and positioning device configurations over a large network. The flaws came to light on account of a recent internal audit done.

    a. CVE-2018-0222: This flaw is the easiest to take advantage of. It is a backdoor account to the system which Cisco describes as an "undocumented, static user credentials for the default administrative account". According to the company, it grants the hacker core privileges on the targeted systems. Users are advised to disable the account as soon as possible by applying software patches as there are no other ways of disabling it until updates are installed.

    b. CVE-2018-0268: This is the second Achilles' heel and basically an authentication bypass. The Cisco’s DNA Center has a Kubernetes container management system embedded inside it. Someone who is capable of accessing the Kubernetes’ service port can execute commands with superior privileges within provisioned containers, according to a Cisco spokesperson. “The affected containers can be compromised if the bypass is successful.” There are no other methods to deflect this flaw and it’s up to the users to protect themselves by updating their DNA Center.

    c. CVE-2018-0271: This is an authentication bypass flaw in Cisco’s DNA Center’s API getaway. This occurs if the URLs are not normalized before the servicing requests. This weakness can be exploited by submitting a fake URL designed to capitalize on the situation. If the hacker attains success, there can be unauthorized access to critical services.

    Although Cisco has resolved all three vulnerabilities, it doesn’t ensure that there won’t be similar weaknesses in the future. This is because the company follows the process of hardcoding passwords where the passwords are embedded into the source code, rendering the system vulnerable and susceptible to attacks.

    Read Also

    Predictions by Cisco: Upward Trajectory in IP Traffic

    Predictions by Cisco: Upward Trajectory in IP Traffic
    Unveiling Cisco's Latest Offering

    Unveiling Cisco's Latest Offering
    Cisco Provides New Lifeline to the Network Operating Systems

    Cisco Provides New Lifeline to the Network Operating Systems
    Cisco Offers New ACI Capabilities to Expand Customer Choice and Flexibility

    Cisco Offers New ACI Capabilities to Expand Customer Choice and Flexibility

    Weekly Brief

    loading
    Top 10 Cyber Security Solution Companies - 2019
    Top 10 Cyber Security Consulting/Services Companies - 2019

    Featured Vendors

    I-Sprint Innovations

    Dutch Ng, CEO

    HP

    Richard Bailey, President - Asia Pacific & Japan (APJ)
    ON THE DECK

    Cyber Security 2019

    Top Vendors

    Cyber Security 2018

    Top Vendors

    Cyber Security 2017

    Top Vendors

    Previous Next

    Copyright © 2019 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://www.apacciooutlook.com/news/vulnerability-found-in-cisco-software-nwid-5329.html