Cisco patches critical authentication flaws

walden, system, systems, walden systems, rita, firewall, port, forward, up, protect, intrusion, security, traffic, DMZ, block, protection, walden systems, walden, systems, network, fire, wall, hack, intrusion, cisco, router, network, switch, hub, IoT, traffic
Rita gives you full control of what sites your employees visit. Rita can block sites that eat up your precious bandwidth such as media streaming sites. Rita enables you full control of what sites your employees can and cannot visit. Rita gives you the ability to block undesirable sites by wildcard or by name. Rita gives you the ability to determine which computers will be blocked and which will be allowed. With Rita, you can block access to sensitive servers within your LAN.



     Cisco pushed out seven high-severity fixes for its SD-WAN solution for business users, and a patch for a DoS flaw in the Cisco Nexus 9000 Series Fabric Switches. Cisco patched four critical security vulnerabilities surrounding a lack of authentication requirements in its Policy Suite for mobile carriers. These would allow remote hackers to steal information, compromise wireless subscriber account information, access databases or change business logic in order to cover for other malicious activities. Cisco's Policy Suite provides real-time management of subscribers, applications and network resources based on service provider configured business rules. It hooks in with network routers and packet data gateways on the network side, as well as back-office and OSS functions, including billing.

     The first vulnerability is an unauthenticated bypass bug, CVE-2018-0374, could allow a remote hacker to connect directly to the Policy Builder database to make changes and tamper with business rules without logging in or having credentials. The second issue is a default password error in the Cluster Manager of Cisco Policy Suite, CVE-2018-0375. Since there are undocumented, static user credentials for the root account, a hacker could uncover what these are, and use them to log in and execute arbitrary commands as the root user. The third flaw, CVE-2018-0376, ios in the Policy Builder interface. There are no authentication measures on the module. A remote hacker can log onto the Policy Builder interface with no credentials and make changes to existing repositories . Cisco Policy Suite versions prior to 18.2.0 are affected by these flaws. The fourth bug, CVE-2018-0377, affects the Open Systems Gateway initiative interface of Cisco Policy Suite. There is no authentication within the OSGi interface, which allows hackers to directly connect and access all files, or modify any content. This one impacts Policy Suite versions prior to 18.1.0.




     Cisco has been releasing a flurry of patches. They have pushed out fixes for its SD-WAN solution for business users, with seven high-severity advisories which include an arbitrary file overwrite vulnerability, a zero-touch provisioning denial-of-service vulnerability, a configuration and management database remote code execution vulnerability, and four command injection vulnerabilities. Cisco also rolled out a patch for a high-rated DoS flaw in the Cisco Nexus 9000 Series Fabric Switches and fixes for 16 medium rated issues across a range of products. Last week, Cisco issued advisories for bugs in Cisco IP Phone 6800, 7800 and 8800 Series, along with patches for three medium security flaws in its network security offerings. They also issued a fix for a high-severity bug in its platform for mobile operator routers, StarOS.