Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK
Internet Download Manager (IDM)

Internet Download Manager (IDM)

Push your Internet connection to the limits and cleverly organize or synchronize download processes with this powerful application

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
Soni Typing Tutor

Soni Typing Tutor

Improve your typing speed with the help of this approachable application that provides you with a host of exercises as well as tests

FULL VERSION + CRACK

IT News

Jun 19
The social media powerhouse plans to launch a blockchain-based financial network and cryptocurrency in 2020 that will allow users to make purchases or transfer funds with just a couple taps on an app.
Jun 18
MongoDB aims to prevent exposed data stores by encrypting data in a way that makes it useless if compromised.
Jun 18
State of CSS 2019 report details which CSS features and tools developers use, which they don't use, and which they prefer
Jun 18
VMware punched up its data center network virtualization capabilities by announcing it would buy Avi Networks load balancing, analytics and application delivery technology
Jun 18
Report: Mirai tries to hook its tentacles into SD-WAN
Palo Alto Networks' security team says an update of the infamous IoT-focused Mirai software targets enterprise-grade SD-WAN appliances
Jun 14
For years we've been flailing around in the dark after bad patches wreaked havoc on Windows PCs. It often took days, or weeks, to identify bugs based on sporadic reports. The last two months have seen improvement, but there's still a...
Jun 13
Many believe the ban on exporting U.S. technology to Chinese company Huawei could hurt American tech vendors and do little to mitigate supply chain threats.

Categories

Cisco warns WLAN controller, 9000 series router and IOS/XE users to patch urgent security holes

Cisco this week issued 31 security advisories but directed customer attention to "critical" patches for its IOS and IOS XE Software Cluster Management and IOS software for Cisco ASR 9000 Series routers. A number of other vulnerabilities also need attention if customers are running Cisco Wireless LAN Controllers.

The first critical patch has to do with a vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to send malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device, Cisco said.

The problem has a Common Vulnerability Scoring System number of 9.8 out of 10.

According to Cisco, the Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:

Cisco says the vulnerability can be exploited during Telnet session negotiation over either IPv4 or IPv6. This vulnerability can only be exploited through a Telnet session established to the device; sending the malformed options on Telnet sessions through the device will not trigger the vulnerability.

The company says there are no workarounds for this problem, but disabling Telnet as an allowed protocol for incoming connections would eliminate the exploit vector. Cisco recommends disabling Telnet and using SSH instead. Information on how to do both can be found on the Cisco Guide to Harden Cisco IOS Devices. For patch information go here.

The second critical patch involves a vulnerability in the sysadmin virtual machine (VM) on Cisco's ASR 9000 carrier class routers running Cisco IOS XR 64-bit Software could let an unauthenticated, remote attacker access internal applications running on the sysadmin VM, Cisco said in the advisory.  This CVSS also has a 9.8 rating.

Cisco said the vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both denial of service (DoS) and remote unauthenticated access to the device, Cisco stated.

Cisco has released free software updates that address the vulnerability described in this advisory.

Lastly, Cisco wrote that multiple vulnerabilities in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could let an authenticated, remote attacker cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a DoS condition on an affected device. The attacker would need to have valid administrator credentials on the device for this exploit to work, Cisco stated.

"These vulnerabilities are due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature," Cisco stated.

"These vulnerabilities have a Security Impact Rating (SIR) of High because they could be exploited when the software fix for the Cisco Wireless LAN Controller Cross-Site Request Forgery Vulnerability is not in place," Cisco stated.  "In that case, an unauthenticated attacker who first exploits the cross-site request forgery vulnerability could perform arbitrary commands with the privileges of the administrator user by exploiting the vulnerabilities described in this advisory."

Cisco has released software updates that address these vulnerabilities and said that there are no workarounds.

This story, "Cisco warns WLAN controller, 9000 series router and IOS/XE users to patch urgent security holes" was originally published by Network World.