HOME
Technology
Life
Discover science
Medicine - Health
Event
EntertainmentCisco warns 2 serious security errors
Cisco Systems has just released a newsletter warning users about two serious security flaws in Cisco NAC Appliance network control device.
Information from the manufacturer indicates that these two security flaws can be exploited by hackers to gain control over a device that makes a mistake or steals sensitive information such as a login password .
Cisco NAC Appliance - also known as Cisco Clean Access (CCA) - is the device responsible for confirming peripherals that require connection to the network of the enterprise that meets the requirements. Privacy Policy.
The first error
The first security error is named " Unchangeable Shared Secret ". This error stems from the fact that Shared Secret data is not set up or changed properly during device installation. In other words, Shared Secret data is the same on every device.
Shared Secret is the data that allows Clean Access Manager (CAM) to send authentication certificates to the device to Clean Access Server (CAS).
To successfully exploit the " Unchangeable Shared Secret " error, hackers must establish a TCP connection to CAS. If successful, the hacker will gain administrator-level control to any CAS.
CCA versions have a " Unchangeable Shared Secret " error that includes versions 3.6.x to 3.6.4.2 and version 4.0.x to 4.0.3.2.
Users are advised to upgrade to version 3.6.4.3, 4.0.4 and 4.1.0 or visit the Cisco website to download the patch called Patch-CSCsg24153.tar.gz. Note that only customers who have signed up for the Cisco Service Agreement can access the download patches.
The second error
The second security error is named " Readable Snapshots ". With this error, hackers can use brute-force attack to download the backup database - also known as snapshots - on CAM without the need for authorization. Meanwhile, those backup files are not encrypted or protected by any solution.
More dangerous than those snapshot files contain information that can assist hackers in attacking CAS or used to hijack CAM.
The error versions include CCA version 3.5.x to 3.5.9 and 3.6.x version to 3.6.1.1. Users are advised to upgrade to version 3.5.10 and 3.6.2.
Currently Cisco has not released an update of snapshot patch. However, the manufacturer recommends that users move the snapshot files out of the device immediately after performing a backup.
The group that reacts quickly to Cisco's security situations claims that until now, there has not been any code that exploits the bug that could attack the two flaws spread to the Internet.
Hoang Dung
- Cisco 3-hole vulnerability in IOS
- Cisco warns of a serious security error CallManager
- A series of Cisco products have serious errors
- Cisco has to fix product security
- Cisco patches the wireless LAN controller
- Add a security error in Cisco products
- Cisco warned a new security vulnerability in ASA and PIX
- 7 Cisco security tips
- Detecting security flaws in Cisco firewall application
- Cisco has not found a vulnerability in PIX
- Hackers start exploiting new Excel errors
- Cisco acquired security company IronPort Systems
What is the Snapdragon SiP chip?
How to create a yellow circle around the mouse cursor on Windows
Edit the Boot.ini file in Windows XP
3 ways to restart the remote computer via the Internet