Reviews

Critical Faults In Cisco Allow You To Run Commands As Administrator

On many occasions, vulnerabilities appear that can compromise the security of our devices. It affects all types of operating systems, programs, and any platform that we use. Hackers can exploit this to carry out their attacks. Hence it is essential to correct the errors. In this article, we report on a series of critical flaws that affect Cisco, allowing an attacker to create administrator accounts and execute commands as root.

New vulnerabilities put Cisco in check

These are critical bugs that affect SD-WAN vManage software and HyperFlex HX. This could allow a hypothetical attacker to control as if they were an administrator and could execute arbitrary commands.

The company has released updates to correct this problem, so users should update as soon as possible. These vulnerabilities have been classified as high and medium severity precisely because of what we discussed about the possibility of carrying out remote attacks with administrator permissions.

This escalation of privileges could also lead to the denial of services on unpatched servers. Although the company has indicated that they have no evidence that there has been an attack taking advantage of these vulnerabilities, the truth is that they can be exploited both remotely and internally.

An attacker could not only carry out code execution remotely but also access and steal confidential information. This is something that could affect both home users and companies and organizations.

These flaws could be exploited locally by authenticated attackers to gain elevated privileges or unauthorized access to an attack-vulnerable application.

The errors critical security Cisco have been registered as CVE-2021-1497, CVE-2021-1468, and CVE-2021-1505, with a score from 9.1 to 9.8 out of 10. In particular are the following vulnerabilities:

  • CVE-2021-1468: Cisco SD-WAN vManage Unauthorized Message Processing Vulnerability
  • CVE-2021-1505: Cisco SD-WAN vManage Privilege Escalation Vulnerability
  • CVE-2021-1497: Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability

Remember that these failures only affect the software that operates in a cluster, as indicated by Cisco.

How To Correct This Problem

The company itself indicates that customers can check if the software is operating in cluster mode. To do this, go to Administration> Cluster Management in the Cisco SD-WAN vManage web-based management interface.

Keep in mind that it is not the first problem of this type that we have seen in recent months. Vulnerabilities may appear that are exploited by attackers, as we see. Hence the importance of always keeping equipment updated. There are many devices that we use. We have already seen that there are differences between router and access point, but you always have to install the latest versions.

Therefore, there is no better way to correct this problem and other similar vulnerabilities that may appear always to keep systems and devices with the latest versions. We will not only improve performance but also fix security issues that may arise. The objective is to prevent the entry of intruders that could compromise us.

Also Read: Bitcoin Currency: Some Interesting Facts

See Also : https://www.gravtechnology.com/app-development-write-for-us/

Review Critical Faults In Cisco Allow You To Run Commands As Administrator. Cancel reply

Techies Line

Share
Published by
Techies Line

Recent Posts

Tennis Betting Odds

Watching tennis games or attending live shows is not a big event like the Super… Read More

October 11, 2021

7 Writing Apps for Bloggers, Writers & Authors

7 Writing Apps for Bloggers, Writers & Authors Bloggers, writers, and authors face various challenges… Read More

October 1, 2021

Node JS course: The Overview

Node JS is a kind of software that has become really essential in order to… Read More

September 29, 2021

Engagement and Inspiration for E-learners

According to Forbes magazine, the e-learning market is estimated to reach $325 Billion by 2025.… Read More

September 27, 2021

Certified Scrum Product Owner® Certification: Your Gateway to Success

In the present scenario, there is a growing demand for skilled product owners in the… Read More

September 24, 2021

Here’s What You Actually Need to Know About Professional SEO

Professional SEO: Did you know that Google accounted for more than 70% of desktop search… Read More

September 17, 2021