Search This Blog

Showing posts with label Cisco. Show all posts

Cisco Published Two Critical and Six High-Severity Patches for Nexus Gear

 

The American multinational technology conglomerate corporation Cisco Systems, based in San Jose, California - has published six security patches for its high-end 9000 series networking gear, spanning in severity from critical, high, and medium. 

Cisco Systems designs, produce and distributes networking gear, software, telecom equipment, and a variety of other high-tech products and services. 

Cisco fixed one of the most critical flaws (ranked 9.1 out of 10) that might enable a hostile and unauthorized attacker to read or write arbitrary files on an application protocol interface used in Cisco 9000 series switches meant to operate its software-defined networking data center solutions. 

Cisco additionally patched two high-severity Nexus 9000 flaws (CVE-2021-1586 and CVE-2021-1523) as well as three medium-severity flaws (CVE-2021-1583, CVE-2021-1584, CVE-2021-1591). Each of the high-severity flaws (also with a CVSS base score of 8.6) are denial of service issues. 

The significant vulnerability, CVE-2021-1577, patched affects the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC). APIC is the primary architectural element of the Cisco Application Centric Infrastructure, which is operated on a Cisco Nexus 9000 Series node.

In a variety of diminutive form factors, the Cisco Nexus 9000 Series combines established high performance and compactness, low latency, and outstanding power efficiency. They can run in either Cisco NX-OS Software or Application Centric Infrastructure (ACI) mode. They are suitable for both conventional and completely automated data center setups. 

Cisco describes a second high-severity Nexus 9000 series flaw as a loophole within the Fabric Switches ACI Mode Queue Wedge. 

“This vulnerability is due to improper access control. An attacker could exploit this vulnerability by using a specific API endpoint to upload a file to an affected device,” wrote Cisco in its Wednesday security bulletin. Affected products are Cisco APIC and Cisco Cloud APIC. 

Cisco stated that countermeasures are present for each of the flaws and that it is unaware of any widely available exploits for all those problems that have been fixed, as with all of the flaws and solutions published on Wednesday. The fix released on Wednesday 25th of August was included in the Cisco "bundled publication" of security improvements for its Firepower eXtensible Operating System and Linux kernel compatible NX-OS software. 

“A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition,” wrote Cisco. 

Following the implementation of the patches, Cisco advises that the solution for this flaw needs “a manual intervention to power-cycle the device to recover.” Fabric switches from the generation 1 model N9K (Nexus 9000) series are the ones compromised.

Cisco: Firewall Manager RCE Flaw is a Zero-day, Patch Arriving Soon

 

In a Thursday security advisory update, Cisco disclosed that a remote code execution (RCE) vulnerability discovered last month in the Adaptive Security Device Manager (ADSM) Launcher is a zero-day flaw that is yet to be patched. 

Cisco ADSM is a firewall appliance manager that controls Cisco Adaptive Security Appliance (ASA) firewalls and AnyConnect Secure Mobility clients via a web interface. 

As per the updated advisory, "At the time of publication, Cisco planned to fix this vulnerability in Cisco ASDM. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability." 

The business also modified the list of compromised ADSM software versions from '9.16.1 and earlier'—as mentioned in the first advisory—to '7.16(1.150) and earlier' in a recent update. 

Incorrect signature verification for code shared between the ASDM and the Launcher caused the zero-day flaw, which is tracked as CVE-2021-1585. 

With the rights granted to the ASDM Launcher, successful exploitation could permit an unauthenticated attacker to remotely launch arbitrary code on a target's operating system. 

As Cisco explained in the updated advisory, "An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code." 

"A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM." 

Furthermore, according to the firm, its Product Security Incident Response Team (PSIRT) is not informed of any proof-of-concept attacks for zero-day or threat actors utilizing it in the open. 

Cisco patched a six-month-old zero-day vulnerability (CVE-2020-3556) in the Cisco AnyConnect Secure Mobility Client VPN software three months ago, using publicly accessible proof-of-concept exploit code. 

While proof-of-concept exploit code was publicly accessible when the problem was discovered, Cisco PSIRT also said that there was no indication of in the wild exploitation. 

Cisco reported the zero-day vulnerability in November 2020, without issuing any security patches to fix the fundamental flaw, although it did offer mitigation techniques to reduce the attack surface. No active exploitation was reported before CVE-2020-3556 was fixed in May, most likely because default VPN setups were prone to attacks and the vulnerability could only be exploited by authenticated local attackers. 

However, after Positive Technologies' Offensive Team revealed a proof-of-concept vulnerability last month, attackers pounced on a Cisco ASA flaw (partially fixed in October 2020 and fully resolved in April 2021).

Cisco Smart Switches Detected with Vulnerabilities

 

In Cisco's Small Business 220 Series smart switches a researcher has uncovered various vulnerabilities, especially those with high severity assessments. This Monday, the networking giant advised its consumers that patches for these vulnerabilities are available. 

The impact switch runs firmware versions earlier than 1.2.0.6 and has the web-based management interface enabled. 

Cisco Systems, Inc. is a US conglomerate based in San Jose, California, in the Silicon Valley center. Cisco designs manufacture and distribute high-tech services and products for networking hardware, software, telecommunications equipment, and others. 

Security researcher Jasper Lievisse Adriaanse has identified the vulnerabilities. He discovered four kinds of safety holes on the small enterprise switch as published in a notice by Cisco. 

One can be used by a remote, unverified attacker, tracked as CVE-2021-1542, which is rated as high severity to take over the user session and obtain access to the web portal of a switch. The attacker could acquire managerial access to the management interface, based on the rights of the potential customer. 

Another high-severity problem is CVE-2021-1541, which enables a remote device attacker with admin access to perform arbitrary root-privileged commands on the operating system underneath it. 

The two other weaknesses identified by the investigator, both of which were Cisco's medium severity, might allow a remote attacker to initiate XSS (CVE-2021-1543) or HTML injection attacks (CVE-2021-1571). 

“[In the case of the] XSS flaw, the vector which I tested and verified was by exploiting a vulnerability in how certain packets which are only valid on the same L2 domain are parsed,” Adriaanse explained. 

He added, “It should be possible, if you’re on the same L2 domain, to perform the XSS attack through CVE-2021-1543, obtain the CSRF token and perform arbitrary actions as the logged-in user. As I don’t write a lot of Javascript I didn’t attempt to write a payload to subsequently exploit CVE-2021-1541. Note however that due to lacking Content-Security-Policy headers you can use CVE-2021-1543 to include remote Javascript code. So you’re not limited by the packet size of the abused L2 protocol. I guess with enough experience and determination one could concoct a payload to do anything in the UI.” 

The XSS defect is due to inspections by the web-based management interface of the device being submitted by the user. An attacker could use this error by deceiving the victims into clicking a malicious link and accessing a certain page. The attacker may induce weakness in running arbitrary script code in connection with the affected interface or access sensitive, browser-based information. 

The HTML Injection Vulnerability is caused by faulty parameter checks on affected pages. In order to address certain vulnerabilities, Cisco has published software updates. 

Cisco Smart Install Protocol is Still Being Exploited in Cyber-Attacks

 

Five years after Cisco issued its first warning, the Smart Install protocol is still being utilized in assaults, and there are around 18,000 internet-exposed devices that might be targeted by hackers. Smart Install is a plug-and-play configuration and image-management technology from Cisco that allows new switches to be deployed with zero-touch. Smart Install can be extremely important to organizations, but it can also be a significant security concern. 

A Smart Install network consists of a group of networking devices known as clients that are served by a common Layer 3 switch or router that serves as a director. You can use the Zero-Touch Installation process in a Smart Install network to install new access layer switches without the help of the network administrator. The director acts as a central management point for client switch images and configuration. When a new client switch is added to the network, the director immediately recognizes it and determines which Cisco IOS image and configuration file should be downloaded. 

The function remains enabled and can be accessed without authentication once a device has been set up via Smart Install. Malicious actors have been able to remotely target devices with Smart Install enabled, including reloading devices, loading a new operating system image, and running arbitrary commands with elevated privileges. 

After an exploitation tool was made public in 2016, Cisco issued a warning on the misuse of Smart Install. In 2017 and 2018, the company sent more alerts, identifying hundreds of thousands of vulnerable devices, including those in critical infrastructure organizations. In 2018, it was revealed that hacktivists targeted the Smart Install function in assaults on Cisco switches in Iran and Russia as part of an ostensibly pro-US attack, as well as a state-sponsored cyberespionage group affiliated to Russia. 

In 2016, the number of networking equipment vulnerable to Smart Install assaults surpassed 250,000, but by 2018 it had reduced to 168,000. The Shadowserver Foundation is still keeping track of the number of potentially susceptible devices, reporting that almost 18,000 are currently online, including many in North America, South Korea, the United Kingdom, India, and Russia. 

Last month, Lumen Technologies' Black Lotus Labs cybersecurity unit discovered that a hacktivist group had compromised at least 100 internet-exposed routers belonging to both public and private sector entities, most of which were based in the United States.

Cisco Discovers High-Severity Flaws in its Software

 

The IT and networking giant Cisco has outlined multiple vulnerabilities in its Webex, SD-WAN, and ASR 5000 devices, that could potentially allow an arbitrary code execution by the attackers for the legitimate reason. 

Although Cisco has provided patches for a wide range of vulnerabilities, particularly updates for high-risk issues in the widely used Webex Player, SD-WAN, and ASR 5000 Series. 

A total of three flaws of high severity ( CVSS score of 7.8 ) have been addressed and patched for Windows and macOS in Webex Player, two of those also compromise the operating systems' Webex Network Recording Player. 

The first bug, CVE-2021-1526, is a problem of memory degradation that can be exploited by arbitrary code on a vulnerable computer. Manipulated Webex Recording Format(WRF) files could misuse the vulnerabilities. 

The problem affects the Cisco Webex Player for Windows and macOS launches before the 41.5 version of it but does not influence the Webex Network Recording Player. 

Memory corruption problems that harm both the Webex Network Recording Player and Webex Player are indeed the following two vulnerabilities - the CVE-2021-1502 and the CVE-2021-1503 - on Windows and macOS both. 

Both can be used to arbitrarily execute code on the system concerned. Both of these issues are resolved in version 41.4 of Webex player and Webex Network Recording Player. 

In addition, recently, Cisco issued updates for SD-WAN software CVE-2021-1528 a high risk (CVSS score of 7.8), that might be used to get high privileges on a vulnerable server. This bug affects the SD-WAN versions 20.4 and 20.5 (vBond Orchestrator, vEdge Cloud, and vEdge Routers and vManage, vSmart Controller) but has been addressed with version 20.4.2 and 20.5.1 of SD-WAN. 

Cisco has also issued updates that might be leveraged to bypass permission and execute CLI commands on a damaged computer for several vulnerabilities in the ASR 5000 Series Software (StarOS). CVE 2021-1539 is the most significant of these defects (CVSS score of 8.1). 

Cisco urges consumers to upgrade to each product's patched versions as soon as possible. Furthermore, the corporation emphasizes that it is not known that these vulnerabilities are exploited in attacks. Cisco has also released information on other medium-risk vulnerabilities affecting its portfolio of different products, including Webex Meetings, Webex Player, ThousandEyes Recorder, IP cameras Video Surveillance 7000, and Common Services Platform Collector (CSPC). 

The Company also highlighted that several vulnerabilities detected in the frame aggregation and fragmentation features following 802.11 standards have affected several of its products. An attacker could easily misuse such defects to forge encrypted frameworks and to exfiltrate sensitive device data.

BGP Leak Causes 13x Spike in Misdirected Traffic

 

An enormous BGP routing leak that occurred on 16th April 2021 disrupted the connectivity for a great many significant organizations and sites all across the planet. Albeit the BGP routing leak happened in Vodafone's independent network (AS55410) situated in India, it has affected U.S. organizations, including Google, as indicated by sources. 
 
BGP or Border Gateway Protocol is the thing that makes the modern-day internet work. It is akin to having a "postal system" for the web that works with the redirection of traffic from one (autonomous) system of networks to another. The web is a network of networks, and for instance, a client situated in one nation needed to get to a site situated in another, there must be a system set up that understands what ways to take while diverting the client across different networked systems. And, that is the reason for BGP: to coordinate web traffic effectively over different ways and systems between the source and destination to make the internet function.

On 16th April 2021, Cisco's BGPMon detected a disparity in an internet routing system, possibly demonstrating some BGP hijacking activity taking place: "Prefix 24.152.117.0/24, is normally announced by AS270497 RUTE MARIA DA CUNHA, BR." "But beginning at 2021-04-16 15:07:01, the same prefix (24.152.117.0/24) was also announced by ASN 55410," stated BGPMon's announcement. 

Doug Madory, director of Internet analysis at Kentik further affirmed these discoveries expressing that the autonomous system ASN 55410 was seeing a 13 times spike in inbound traffic directed to it. The said autonomous system (AS55410) belongs to Vodafone India Limited.

“We have done a complete analysis of the reported matter and have not observed any issue in routing security at our end. A wrong advertising of the routing table publishing made by one of our Enterprise customers had led to this incident. This was responded to immediately and rectified,” a Vodafone Idea Ltd spokesperson said.

"This incident only affected traffic for about 10 minutes, but during that time there were likely countless internet connection problems for users around the world." "Anyone trying to reach web resources configured with the IP addresses in the routes that were leaked would have had their traffic misdirected to AS55410 in India and then dropped," Doug Madory from Kentik told BleepingComputer in an email interview.

Snort Vulnerability Leads Various Cisco Products Exposed to Vulnerabilities

 


Earlier this week, the company told its customers that several Cisco products have been exposed to DoS (Denial of Service) attacks due to Snort detection engine vulnerability. Known as CVE-2021-1285, the flaw is rated high severity, and hackers can exploit it. The attacker must be on the layer 2 domain similar to the victim, as to compel a device to fall to a DoS attack via sending it specifically made Ethernet frames. As per Cisco, the flaw exists in the Ethernet Frame Decoder part of the Snort. 

The vulnerability affects all variants of the famous intrusion detection and intrusion prevention system (IDS/IPS) made before 2.9.17, which has a bug patch. According to Security Week, "Snort is an open-source tool developed by Cisco that provides real-time traffic analysis and packet logging capabilities. It has been downloaded millions of times and it has more than 600,000 registered users, with Cisco claiming that it’s the most widely deployed IPS in the world. The alpha version of Snort 3 was announced in December 2014 and now it has finally become generally available."

Catalyst Edge software and platform, 1000v series Cloud Services Router products, and Integrated Service Router (ISR) are said to be affected by the CVE-2021-1285. But they'll be affected only if they are using a version of Cisco UTD Snort IPS engine software that is vulnerable for IOS XE or Cisco UTD Engine for IOS XE SD-WAN, and if these are configured to pass through the Ethernet frames to Snort. According to Cisco, the flaw is linked to FTD (Firepower Threat Defense) issue that was patched in October last year. 

The vulnerabilities were found during solving a support case, however, no evidence has been found to point that these vulnerabilities were exploited in any attacks. Besides this, on Wednesday Cisco issued an advisory on few other vulnerabilities, of medium severe ratings. "These impact Webex, SD-WAN, ASR, Network Services Orchestrator, IP phones, and Email Security Appliance products, and they can lead to information disclosure, path traversal, authorization bypass, DoS attacks, privilege escalation, and SQL injection," says SecurityWeek.

Cisco Shows no Intentions on Patching EOL Vulnerabilities

 

Cisco, an American Multinational Conglomerate stated this week it does not plan on fixing vulnerabilities in end-of-life (EOL) Cisco routers, more than 70 vulnerabilities were spotted in CISCO’s Small Business RV110W, RV130, RV130W, and routers. Despite these vulnerabilities, the company has no intentions to fix these patches.

Cisco stated that these devices have reached end-of-life (EOL) hence there is no point in fixing the Cisco routers. The deadline regarding software maintenance releases and bug fixes was December 1, 2020. Cisco has released software updates to fix these vulnerabilities and said they are not mindful of threat actor exploits targeting the vulnerabilities.

CVE-2021-1144 recognized as a high severity bug (CVSS score of 8.8) in Connected Mobile Experiences (CMX) is the most valuable flaw which can be exploited by threat actors to alter the passwords for any user account on the system which includes administrator accounts as well. Threat actors can exploit the vulnerability by sending an altered HTTP request to a susceptible device.

CVE-2021-1237 (CVSS score of 7.8) is tracked as another high severity flow, it was detected in the AnyConnect Secure Mobility Client for Windows, influencing the Web Security Agent Components and the endpoint solution’s Network Access Manager. This vulnerability could be exploited by an authenticated and local threat actor for Dynamic Link Library (DLL) installation.

Cisco stated that “an attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system which, in turn, causes a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges”.

Cisco issued 18 other recommendations explaining medium severity bugs in Proximity Desktop for Windows, ASR 5000 routers, Enterprise NFV Infrastructure Software (NFVIS), Webex, Finesse, Firepower Management Center (FMC), Video Surveillance 8000 IP Cameras, Unified Communications products, DNA Center, AnyConnect Secure Mobility Client, and CMX API authorizations.

Cisco's Routers. Switches and IP Equipment Suffer Zero-Day Attacks! Major Vulnerabilities Discovered!


The extremely well-known Cisco’s products, including IP Phones, Routers, cameras, and switches, were determined to have several severe “zero-day” vulnerabilities by researchers in the “Cisco Discovery Protocol (CDP)”, per sources.

CDP is a proprietary “Layer 2” network protocol that is put into effect in all the Cisco devices to be privy to the mechanisms of the devices.

Reports mention that a total of five vulnerabilities were ascertained out of which, four were “Remote Code Execution” (RCE) that let hackers or any other cyber-con to manipulate every single operation of the devices without any sort of consent of the user.

According to sources, one of the vulnerabilities led to a “Denial of Service” in the Cisco FXOS, NX-OS and IOS XR software that ended up damaging the victims’ networks

By exploiting the vulnerabilities effectively, numerous organizations’ and companies’ networks were smashed, costing all the affected parties heavily.

Per legitimate sources, following is the list of all the vulnerable devices in the represented categories:

Switches
• Nexus 1000 Virtual Edge
• Nexus 1000V Switch
• Nexus 3000 Series Switches
• Network Convergence System (NCS) 1000 Series
• Network Convergence System (NCS) 5000 Series
• Network Convergence System (NCS) 540 Routers
• Network Convergence System (NCS) 5500 Series
• Network Convergence System (NCS) 560 Routers
• MDS 9000 Series Multilayer Switches
• Nexus 5500 Series Switches
• Nexus 5600 Series Switches
• Nexus 6000 Series Switches
• Nexus 7000 Series Switches
• Nexus 9000 Series Fabric Switches
• Network Convergence System (NCS) 6000 Series
• UCS 6200 Series Fabric Interconnects
• UCS 6300 Series Fabric Interconnects
• UCS 6400 Series Fabric Interconnects

IP Phones
• Unified IP Conference Phone 8831
• Wireless IP Phone 8821-EX
• Wireless IP Phone 8821
• IP Conference Phone 7832
• IP Conference Phone 8832
• IP Phone 6800 Series
• IP Phone 7800 Series
• IP Phone 8800 Series
• IP Phone 8851 Series

IP Cameras
• Video Surveillance 8000 Series IP Cameras

Routers
• IOS XRv 9000 Router
• Carrier Routing System (CRS)
• ASR 9000 Series Aggregation Services Routers
• Firepower 1000 Series
• Firepower 2100 Series
• Firepower 4100 Series
• Firepower 9300 Security Appliances
• White box routers running Cisco IOS XR

The exploitation of the other four Remote Execution vulnerabilities could be in a way that a “maliciously” fabricated “CDP Packet” could be sent on the targeted Cisco devices and have their mechanisms altered.

There’s a vulnerability that could be hunted down or traced by (CVE-2020-3119). It helps the attackers to completely override the default switch and network infrastructure settings.

One of the vulnerabilities which could be traced as (CVE-2020- 3118), could help attackers gain control of the target’s router via remote code execution and use it in any harmful way they find acceptable.

Cisco’s 800 series IP cameras were vulnerable to attackers’ remote code execution. The vulnerability could be located as (CVE-2020-3110)

According to sources, in the other Cisco “Voice over IP Phone” vulnerability, an overflow in the parsing function could be exploited to access “code execution”. This vulnerability could be traced to (CVE-2020-311).

The troubles this vulnerability could cause an organization are manifold.
Acquiring access to other devices via “man-in-the-middle” attacks.
Damaging the network’s structure
“Data Exfiltration”, ranging from network traffic to sensitive information and personal phone calls, by the help of manipulated routers and switches.

Per reports, Cisco has come up with patches and the users are directed to employ them without any further delay.
[CVE-2020-3111
CVE-2020-3118
CVE-2020-3120
CVE-2020-3110
CVE-2020-3119]


Vulnerability found in Cisco Webex Meeting Suit- Lets unauthorized attackers join private meetings


Cisco Webex Meetings Suite, a platform that offers its customers to organize online meetings and seminars anytime anywhere, has revealed a security vulnerability that allows an unauthorized attacker to enter a password-protected meeting without the password.


The Vulnerability -
The vulnerability allows the attacker to join a meeting if they have the meeting ID or meeting URL from the mobile device browser. Then the browser will launch the meeting on Webex mobile application, and then the unauthenticated user can join the password-protected meeting without the said browser. “The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee,” reads the Cisco blog post.

This makes it quite easy to track the unauthorized individual as they will be visible as a mobile attendee. This Cisco Webex vulnerability has received a score of 7.2 out of 10 (can be tracked as CVE-2020-3142). Cisco Product Security Incident Response Team (PSIRT) said that they have not yet faced an attacker exploiting the vulnerability. Versions with the vulnerability - The vulnerability is seen in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online versions earlier than 39.11.5 and 40.1.3. Though Cisco says that the Webex meeting server is unaffected with the vulnerability.

After discovering the vulnerability, Cisco has now released a new version fixing the vulnerability in versions 39.11.5 and later 40.1.3 for Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites. “The fix applies to Cisco Webex Meetings Suite sites and Cisco Webex Meetings sites only. Customers are not required to update the Cisco Webex Meetings mobile application or the Cisco Webex Meetings desktop application.”

Cisco recently fixed 11 more bugs in Cisco Data Center Network Manager when the faults let hackers RCE, SQL Injection, and Authentication Bypass Attacks. Cisco is expected to fix the bug soon. The users are advised to stay careful of any suspicious activity and report to the company immediately if they found any malicious activity on the platform.

Cisco faces criticism after a hacker finds 120+ bugs in its product



A triad of severe vulnerabilities in Cisco DCNM (Data Center Network Manager) stock allows hackers to remotely sidestep the verification and invade into companies’ servers, the reason being a few safety failures that include hard-coded creds.

The 3 vulnerabilities were in the huge 120 vulnerabilities list in the stock discovered by the hacker Steven Seeley, who currently works for Source Incite. It was Steven who informed the company about the issue through a glitch hunt program called Zero Day Initiative, by Trend Micro. 

In an interview with Computer Business Review, he Australian cybersecurity specialist/hacker said that "the group of 3 vulnerabilities are the most dangerous among the 120 vulnerabilities, and if the hackers get a hand of it, they can exploit it using execution as root through remote code. It is as simple as that."

Simon further says that by exploiting these vulnerabilities, the hacker could easily gain access to almost anything like personal information, credentials, and passwords.
"I was rejected by the company Cisco after 8 interviews," said Simon on Twitter.

In response to the situation, Cisco has urged its users to update their systems and software, as to stay safe from the bugs. Earlier this week the company said, "we have repaired the vulnerabilities in and users are requested to immediately update the software."

Unfortunately, the readers of Computer Business Review are well aware that not all the products were built to be the same when it comes to patch management, the issue being that most of the critical bugs are neglected by the company.

In a conversation with Computer Business Review, Simon said that he will release the source codes this coming week. He mentioned that the vulnerabilities were very minor to exploit, but it did consume mind-boggling research to find the bugs in the starting phase. "The research consumed a whole month along with reviewing the code origin and debugging the run-time."

Cisco says the trio of the vulnerabilities is not dependent on each other. A single vulnerability itself is capable of the exploit, let alone the trio. Cisco has released the latest security patch on its website. The users who have still not updated it can install it from the 'download center' on the website.

Cisco devices has critical vulnerabilities





Security researchers have found many serious vulnerabilities inside dozens of Cisco devices.

A cybersecurity company Red Baron claims that the Cisco 1001-X comes with two major flaws. One is a software flaw inside Cisco’s router’s operating system, which would allow hackers root access. The second flaw is much more dangerous as it allows potential malicious actors to bypass the router’s security feature, Trust Anchor. 

The second flaw “means we can make arbitrary changes to a Cisco router, and the Trust Anchor will still report that the device is trustworthy. Which is scary and bad, because this is in every important Cisco product. Everything,” Ang Cui, the founder, and CEO of Red Balloon explained.

In the meantime, the firm released a fix for the first flaw, but are still working on the second one. “The Trust Anchor module is not directly involved in the work demonstrated by Red Balloon,” a spokesperson told Wired.

It is believed that the vulnerability could become serious if not handled carefully and on time. 


Cisco announces its intent to acquire OpenDNS

 
Cisco announced on June 30 its intent to acquire OpenDNS, a security company which provides advanced threat protection for any device, anywhere and anytime based in San Francisco.

It is said that the acquisition will boost Cisco's Security everywhere approach by adding broad visibility and threat intelligence from the OpenDNS cloud delivered platform.

According to the press statement issued by the organization, the OpenDNS team will join the Cisco Security Business Group. As per the agreement, Cisco will pay $635 million in cash and assumed equity awards, plus retention based incentives for OpenDNS. The acquisition is expected to close in the first quarter of fiscal year 2016, subject to customary closing conditions.

The press statement said that the burgeoning digital economy and the Internet of Everything (IoE) are expected to spur the connection of nearly 50 billion devices by 2020, creating a vast new wave of opportunities for security breaches across networks. The faster customers can deploy a solution, the faster they can detect, block and remediate these emerging security threats.

“OpenDNS' cloud platform offers security delivered in a Software-as-a- Service (SaaS) model, making it quick and easy for customers to deploy and integrate as part of their defense architecture or incident response strategies. By providing comprehensive threat awareness and pervasive visibility, the combination of Cisco and OpenDNS will enhance advanced threat protection across the full attack continuum before, during and after an attack,” the statement read.

The statement added that OpenDNS' broad visibility, unique predictive threat intelligence and cloud platform with Cisco's robust security and threat capabilities will increase awareness across the extended network, both on- and off-premise, reduce the time to detect and respond to threats, and mitigate risk of a security breach.

Hilton Romanski, Cisco chief technology and strategy officer, said that many people, processes, data and things connected because of which opportunities for security breaches and malicious threats grow exponentially when away from secure enterprise networks.

“OpenDNS has a strong team with deep security expertise and key technology that complements Cisco's security vision. Together, we will help customers protect their extended network wherever the user is and regardless of the device,” Romanski added.