Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Firewall » Cisco patches serious security flaws found in Prime Infrastructure

Cisco patches serious security flaws found in Prime Infrastructure

The flaws affect the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager.
While two of the flaws required an attacker to have credentials for an attack, the third one could be exploited by an unauthenticated attacker who has the network access.
Cisco has released security updates to patch critical security vulnerabilities discovered in it’s Prime Infrastructure (PI) platform. The flaws were the result of an improper input validation that existed in the web-based management interface of PI, as well as in the Cisco Evolved Programmable Network(EPN) Manager. This could allow remote attackers to execute arbitrary code with elevated privileges.

What are the vulnerabilities?

The three flaws identified were given a CVSS score of 9.8. Among the three, CVE-2019-1821 could be exploited by unauthenticated attackers with network access to the vulnerable interface.
However, CVE-2019-1822 and CVE-2019-1823 required the attackers to have valid credentials for the interface in order to exploit them.
Worth noting

Cisco’s security advisory indicates that the vulnerabilities arose because of PI not handling user-input.

“These vulnerabilities exist because the software improperly validates user-supplied input. An attacker could exploit these vulnerabilities by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system,” read the advisory.

However, the firm has resolved vulnerabilities with software updates. Users are advised to install the updates immediately.

Apart from these updates, Cisco has also recently released over 40 advisories that address numerous security flaws found in some of the products. It includes Cisco NX-OS, Cisco FXOS, Cisco Webex, Cisco Firepower amongst others.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket