Cisco Data Center Manager Software Users Should Patch Immediately

Aug 11, 2020 | Blog

Do you use Cisco’s Data Center Manager Software? If so, be advised that the company recently issued an advisory concerning a serious security flaw.

The advisory reads, in part, as follows:

“The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.

A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system.”

The bug is being tracked as CVE-2020-3382. The essence of the issue is that an attacker can use the static key to generate a valid session token on an affected device and make use of the REST API with administrative privileges. This would allow them to do pretty much anything they please.
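The example below is added here for illustration; it is not Cisco's code, and it does not reproduce DCNM's real token format, which the advisory does not describe. It assumes a hypothetical service that signs session tokens with HMAC. With one key shipped in every installation, a token minted on one install verifies on another; with a key generated per installation, it does not. The class, key value and token layout are constructed for the example.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed stand-in for a key baked into the product image: identical on every install.
SHIPPED_STATIC_KEY = b"constructed-demo-key-not-a-real-one"

class Installation:
    """Hypothetical appliance that issues and verifies HMAC-signed session tokens."""

    def __init__(self, name, per_install_key=False):
        self.name = name
        # Hardened variant: the key is generated randomly at install time and stays on the host.
        self.key = secrets.token_bytes(32) if per_install_key else SHIPPED_STATIC_KEY

    def _sign(self, body):
        return hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()

    def issue_token(self, user, role, ttl=900):
        claims = {"sub": user, "role": role, "exp": int(time.time()) + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        return body + b"." + self._sign(body)

    def verify_token(self, token):
        """Return the claims if signature and expiry are valid, otherwise None."""
        try:
            body, sig = token.rsplit(b".", 1)
        except ValueError:          # no separator: malformed token
            return None
        if not hmac.compare_digest(sig, self._sign(body)):
            return None             # signed with a different key, or tampered with
        try:
            claims = json.loads(base64.urlsafe_b64decode(body))
        except ValueError:          # bad base64 or bad JSON
            return None
        if claims.get("exp", 0) < time.time():
            return None
        return claims

def cross_install_accepts(per_install_key):
    """Does a token minted on one install verify on a different, unrelated install?"""
    lab = Installation("lab", per_install_key)
    prod = Installation("prod", per_install_key)
    return prod.verify_token(lab.issue_token("admin", "admin")) is not None

if __name__ == "__main__":
    print("shared static key  :", cross_install_accepts(False))
    print("per-install secret :", cross_install_accepts(True))
```

A token's validity is only as private as the key behind it, which is why the fix for this class of flaw is a product update rather than a configuration change.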

There are no known workarounds for the issue, and it affects DCNM versions 11.0, 11.1, 11.2, and 11.3. If you’re currently running any of those, you’ll want to update to the latest version right away. This one has a severity rating of 9.8 out of a possible 10.

The company was quick to point out that there have been no known instances of attackers actually exploiting this vulnerability yet. However, given its severity and the fact that there are no workarounds for it, your best bet is to update your software as soon as possible.

Be sure your IT staff is aware, and make sure they make updating a high priority. This one’s serious enough to warrant immediate attention.
