Cisco’s warning: Patch this default Network Assurance Engine password bug


Cisco is urging customers to install an update that fixes a high-severity issue affecting its Network Assurance Engine (NAE) for managing data-center networks.

The bug, tracked as CVE-2019-1688, could allow an attacker to use a flaw in the password-management system of NAE to knock out an NAE server and cause a denial of service.

NAE is a key data-center network management tool that helps admins assess the impact of network changes and avoid application outages.

As Cisco explains, the flaw is due to user password changes made from the web-management interface failing to propagate to the command-line interface (CLI), leaving the old default password in place in the CLI. The issue only affects NAE version (1), so older versions aren’t affected.

A local attacker could exploit the bug by authenticating with the default admin password on the CLI of an affected server. From there, the attacker could view sensitive information and bring down the server.

The bug is fixed in Cisco NAE Release but Cisco notes that to fix the issue properly customers should change the admin password after upgrading to that version.

Cisco also has a workaround for the bug, which involves changing the default admin password from the CLI. However, Cisco recommends customers contact the Technical Assistance Center to do this, so that the default password can be entered in a secure remote-support session. The password change needs to be carried out for all nodes in the cluster, it notes.

Fortunately, Cisco’s security team isn’t aware of any live attacks using the flaw, which was found during internal security testing.

Previous and related coverage

Cisco warns: Patch now or risk your security appliance choking on single rogue email

One bad email could crash your Cisco email security appliance and keep it down as it tries to process the same email over and over.

Cisco discloses arbitrary execution in SD-WAN Solution and Webex

Networking giant reveals 23 security issues hitting products including SD-WAN Solution, Webex, and small business routers.

Cisco updates SD-WAN portfolio with new security features

Among the key updates, Cisco said it’s integrating application-aware enterprise firewall, intrusion prevention, and URL filtering into Cisco SD-WAN devices.

Cisco: Linux kernel FragmentSmack bug now affects 88 of our products

Cisco’s list of products with a Linux kernel denial-of-service flaw is growing.

Cisco: We’ve killed another critical hard-coded root password bug, patch urgently

This time a 9.8/10-severity hardcoded password has been found in Cisco’s video surveillance software.

Cisco critical flaw warning: These 10/10 severity bugs need patching now

Cisco’s software for managing software-defined networks has three critical, remotely exploitable vulnerabilities.

Cisco patches critical Nexus flaws: Are your switches vulnerable?

You’ll need to wade through Cisco’s advisories to work out if software you’re running is vulnerable or already fixed.

Cisco: Update now to fix critical hardcoded password bug, remote code execution flaw

Cisco patches two serious authentication bugs and a Java deserialization flaw.

Cisco warns customers of critical security flaws, advisory includes Apache Struts

The large security update includes a patch for the recently-disclosed Apache bug — but not all products will be fixed yet.

Cisco updates ASR 9000 edge routing platform to carry users to 5G, multicloud world (TechRepublic)

New automation software, a new networking processor, and a new operating system will help Cisco customers make the transition to next-generation networking.

Apple and Cisco pool their might to protect companies from cyber risks (CNET)

Apple and Cisco join forces to protect businesses from risk of cyber threats.