HOME
Technology
Life
Discover science
Medicine - Health
Event
EntertainmentCisco has to fix product security
Cisco has just fixed some security flaws in CS-MARS application (Cisco Security Monitoring, Analysis and Response System).
According to the developer, these security flaws can be exploited by remote hackers to gain unauthorized access to sensitive devices.
CS-MARS application checks and monitors security issues on network devices by configuring configurations of routers and switches. At the same time, this application also allows businesses to check their network infrastructure security level by comparing it with the list of detected security errors.
It is known that Cisco's patching vulnerability only affects CS-MARS versions from 4.2.1 or earlier.
Cisco has released a patch to fix the above security vulnerability. Users can download it through its website.
Reason
JBoss web server application in CS-MARS is the cause of the above security error. Hackers can take advantage of this application to remotely log in and send HTTP requests to the CS-MARS application that allows them to execute code with administrative priority.
Yesterday (July 19), security researcher Jon Hart announced a code that proved to be fully capable of exploiting JBoss errors through Full-Disclosure. In my article, this security expert said JBoss version 3.2.7 has a security error in the JMX Console console that shields the server application's microkernel information. JBoss.
Meanwhile, another security bug in the Oracle database comes with CS-MARS and can be used to store network information as well as credentials for loggers, routers or devices. suffering from IPS. However, the Oracle database contains some default login accounts with passwords that everyone knows? Therefore, hackers can easily take away the information in the database to help them attack network devices.
However, CS-MARS application does not use Oracle database default accounts and has overcome the above security error to avoid unauthorized access to the database. Those accounts have been disabled.
In addition, a number of other security flaws in the CS-MARS command-line console can also allow administrators to execute binary code with root level priority.
However, security firm Symantec does not appreciate the above security flaws. Symantec only classified those errors at level 10 on a 10-step ladder to assess the level of risk of security errors.
Hoang Dung
- Cisco warns 2 serious security errors
- Cisco 3-hole vulnerability in IOS
- Add a security error in Cisco products
- Cisco warned a new security vulnerability in ASA and PIX
- 7 Cisco security tips
- Cisco warns of a serious security error CallManager
- Detecting security flaws in Cisco firewall application
- Cisco has not found a vulnerability in PIX
- Cisco acquired security company IronPort Systems
- Cisco and F-Secure have trouble with their own products
- A series of Cisco products have serious errors
- Cisco router error beats the network
What is the Snapdragon SiP chip?
How to create a yellow circle around the mouse cursor on Windows
Edit the Boot.ini file in Windows XP
3 ways to restart the remote computer via the Internet