Cisco this week said it issued a software update to address a vulnerability in its Cisco REST API virtual service container for Cisco IOS XE software that scored a critical 10 out of 10 on the Common Vulnerability Scoring System (CVSS).
By exploiting the vulnerability, an attacker could submit malicious HTTP requests to the targeted device and, if successful, obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device, the company said.
The Internet of Things (IoT) promises some big benefits for organizations, such as greater insights about the performance of corporate assets and finished products, improved manufacturing processes, and better customer services. The nagging security issues related to IoT, unfortunately, remain a huge concern for companies and in some cases might be keeping them from moving forward with initiatives. One possible solution to at least some of the security risks of IoT is microsegmentation, a concept in networking that experts say could help keep IoT environments under control.
VMware has wrapped up its $2.1 billion buy of cloud-native endpoint-security vendor Carbon Black and in the process created a new security business unit that will target cybersecurity and analytics to protect networked enterprise resources.
When VMware announced the acquisition in August, its CEO Pat Gelsinger said he expected Carbon Black technology to be integrated across VMware’s product families such as NSX networking software and vSphere, VMware's flagship virtualization platform. “Security is broken and fundamentally customers want a different answer in the security space. We think this move will be an opportunity for major disruption,” he said.
Cisco this week warned its IOS and IOS XE customers of 13 vulnerabilities in the operating system software they should patch as soon as possible.
All of the vulnerabilities – revealed in the company’s semiannual IOS and IOS XE Software Security Advisory Bundle – have a security impact rating (SIR) of "high". Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to, conduct a command injection attack on, or cause a denial of service (DoS) condition on an affected device, Cisco stated.
Two of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. Two others affect Cisco IOS Software, and eight of the vulnerabilities affect Cisco IOS XE Software. The final one affects the Cisco IOx application environment. Cisco has confirmed that none of the vulnerabilities affect Cisco IOS XR Software or Cisco NX-OS Software. Cisco has released software updates that address these problems.