The company also issued a “high” security alert advisory for the Nexus 9000, with a CVSS severity rating of 10. 0. This involves an exploit that enables attackers to execute arbitrary operating-system orders as root on an impacted device. So as to do well, an attacker will need legitimate administrator credentials for the device, Cisco said.

The particular vulnerability is due to overly broad system-file accord where an attacker could exploit this vulnerability by authenticating to an impacted device, creating a crafted order string and writing this crafted string to a specific file location.

Essential vulnerabilities Cisco’s web-based management interface
Multiple critical vulnerabilities in the web-based management interface of Cisco Perfect Infrastructure (PI) and Gresca Evolved Programmable Network (EPN) Manager were revealed yesterday. These vulnerabilities could allow a remote attacker to gain the opportunity to execute arbitrary code with elevated benefits on the actual operating system. These vulnerabilities affect Gresca PI Software Releases before to 3. 4. just one, 3. 5, and 3. 6, and EPN Supervisor Releases prior to 3. 0. 1

One of these issues, CVE-2019-1821, can be exploited by an unauthenticated attacker that has network access to the impacted administrative interface. For the second and 3rd issues(CVE-2019-1822 and CVE-2019-1823), the attacker needs to have appropriate credentials to authenticate to the impacted administrative software.

Cisco released software improvements that address these weaknesses. There are no workarounds that address these weaknesses.

Buy WS-C2960+24PC-S at linknewnet.com

Add This Entry To Your CureZone Favorites!