iMyFone LockWiper

iMyFone LockWiper

Helps you bypass the iPhone passcode in case you forgot it and the device became unusable or you have to wait for a long time before attempting to unlock it again

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Dolby Access

Dolby Access

Take advantage of stunning sound quality and realism in your multimedia experiences, with sound that surrounds you with the help of this app that gives you a free trial of Dolby Atmos.

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK

IT News

Feb 19
Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.
Feb 19
Creating an immutable ledger to track metadata associated with published content shows promise as a method for identifying authentic news.
Feb 18
IT admins who signed up for Windows 7 post-retirement support found out there's a new prerequisite that has to be installed before they can download patches they've already paid for.
Feb 17
Command-line interface to the code hosting platform can be used for issues and pull requests
Feb 15
Employers that rely on foreign national talent face new electronic filing system and modified registration timeline for FY 2021 filing period.
Feb 14
Arista confirmed what had been rumored for the past few weeks, that it has acquired software-defined networking/cloud software vendor Big Switch Networks for an undisclosed amount.
Feb 14
The flaws could let a hacker alter, stop or expose how a person has voted.

Categories

Cisco issues firewall, SD-WAN security warnings

Amongst Cisco's dump of 27 security advisories today only one was rated as critical - a vulnerability in its Firepower firewall system that could let an attacker bypass authentication and execute arbitrary actions with administrative privileges on a particular device.

The Firepower Management Center (FMC) vulnerability - which was rated at 9.8 out of 10 - comes from improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. With it, an attacker could exploit the vulnerability by sending crafted HTTP requests to an affected device and gain administrative access to its web-based management interface.

Cisco said the vulnerability affects its FMC Software if it is configured to authenticate users of the web-based management interface through an external LDAP server.

Customers may install a fix either by upgrading to a software release that addresses the flaw or by installing a hotfix patch. A menu of fix options reads:

A couple of the other security advisories were directed at Cisco's SD-WAN package. The first involves a weakness in Cisco IOS XE SD-WAN Software that could let an unauthenticated, local attacker gain unauthorized access and completely control an affected device.

The vulnerability is due to the existence of default credentials within the default configuration of an affected device, Cisco stated. An attacker who has access to an affected device could log in with elevated privileges. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.

The second SD-WAN-related problem is in CLI of the Cisco SD-WAN Solution vManage software. An exploit could let the attacker elevate privileges to root-level privileges.  The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. This vulnerability affects Cisco SD-WAN Solution vManage Software Release 18.4.1, Cisco stated.

Cisco said it has released software updates for both SD-WAN vulnerabilities.

A couple of the other highly rated vulnerabilities were in Cisco's implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The other vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition, Cisco stated.

Cisco has released free software updates that address the vulnerabilities.

This story, "Cisco issues firewall, SD-WAN security warnings " was originally published by Network World.