Cisco Systems Thread

Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Feb 9, 2018.

  1. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,396
    Messages:
    991
    Likes Received:
    2,236
    Trophy Points:
    156
    Hackers are now attacking Cisco ASA VPN bug
    [​IMG]

    Cisco researchers are now aware of attempted attacks leveraging a vulnerability in its Adaptive Security Appliance.
    Building a slide deck, pitch, or presentation? Here are the big takeaways:
    • A major vulnerability affecting Cisco's Adaptive Security Appliance is now under attack by hackers, according to Cisco.
    • Companies that use a Cisco Adaptive Security Appliance should update the software as soon as possible to avoid issues associated with a recently-discovered flaw.

    A critical flaw in Cisco's Adaptive Security Appliance (ASA) is now under attack, according to a security advisory posted by the company.

    "The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory," the advisory reads. "Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory."

    Cisco has been urging users to patch their systems to protect against a critical VPN vulnerability after it was first reported earlier this week. With actual attacks attempted, though, the need for IT to begin updating ASA systems is paramount.

    SEE: Network security policy (Tech Pro Research)

    The flaw in question affected devices that have the webvpn feature enabled, the advisory said. And it's a major vulnerability: Cisco noted that the flaw received a Common Vulnerability Scoring System (CVSS) score of 10 out of 10—the highest possible rating.

    The flaw, originally reported by Cedric Halbronn from the NCC Group, could affect some 200,000 devices, according to a tweet from security researcher Kevin Beaumont. By sending a specialized XML packets to a webvpn-configured interface, attackers can gain control of the system and reload an affected device, the advisory noted.

    While Cisco originally tried to patch the flaw when it was reported, the firm determined that theoriginal update was "incomplete" and had to later issue a new patch. At that time, though, Cisco wasn't aware of any malicious activity attempting to exploit the flaw.

    Users can find a list of vulnerable Cisco products and steps for determining their product's riskhere. There aren't any workarounds for the vulnerability—IT must patch if it wants to remain safe.
     
  2. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,396
    Messages:
    991
    Likes Received:
    2,236
    Trophy Points:
    156
    Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers
    https://thehackernews.com/2018/03/cisco-pcp-security.html
    [​IMG]
    A medium yet critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system.

    Cisco Prime Collaboration Provisioning (PCP) application allows administrators to remotely control the installation and management of Cisco communication devices (integrated IP telephony, video, voicemail) deployed in the company and services for its subscribers.


    The vulnerability (CVE-2018-0141) is due to a hard-coded password for Secure Shell (SSH), which could be exploited by a local attacker to connect to the PCP's Linux operating system and gain low-level privileges.

    Cisco PCP Hard-Coded Password Flaw

    According to an advisory released by Cisco, with low-level privileges, an attacker could then elevate its privileges to root and take full control of the affected devices.

    Although this vulnerability has been given a Common Vulnerability Scoring System (CVSS) base score of 5.9 out of 10, Cisco has rated this bug as critical, as there are "extenuating circumstances" that could allow attackers to elevate their privileges to root.

    The company itself detected this bug during "internal security testing," and said that it only affects PCP version 11.6, released in November 2016.

    Along with other security patches for its other products, Cisco has patched this vulnerability with the release of Cisco PCP software version 12.1.

    Cisco Secure ACS Remote Code Execution Flaw

    Besides Cisco PCP flaw, the company has also patched a critical Java deserialization vulnerability affecting its Secure Access Control System (ACS), a product that offers authentication, accounting, and authorization services to network devices.


    Cisco Secure ACS flaw (CVE-2018-0147) could allow an unauthenticated attacker to remotely execute malicious code on vulnerable devices with root privileges without requiring any credential, the company said in its advisory.

    This vulnerability has been given a Common Vulnerability Scoring System (CVSS) base score of 9.8 out of 10, rated as critical, as it allows attackers to execute arbitrary commands on the affected device with "root" privileges.

    This flaw affects all versions of Cisco Secure ACS before release 5.8 patch 9. However, systems running Cisco Secure ACS version 5.8 Patch 7 or Patch 8 require authentication in order to exploit this vulnerability, which has been given a CVSS base score of 8.8.

    This vulnerability has been fixed in Cisco Secure ACS 5.8.0.32.9 Cumulative Patch.

    The company is strongly encouraging users to update their software to the latest versions as soon as possible, as there are no workarounds to patch these vulnerabilities.
     
  3. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,396
    Messages:
    991
    Likes Received:
    2,236
    Trophy Points:
    156
    Cisco Stock Split History: Why the Networking Giant Won't Split Anytime Soon
    https://www.nasdaq.com/article/cisc...orking-giant-wont-split-anytime-soon-cm933720
    March 12, 2018, 09:46:00 PM EDT By Dan Caplinger,
    For long-term investors, Cisco Systems (NASDAQ: CSCO) has been huge disappointment for years. After enjoying huge run-ups in the tech boom in the 1990s, Cisco was briefly the most valuable stock in the U.S. market. After the tech bust in the early 2000s, Cisco never regained all of its lost momentum, and share prices have been largely stagnant ever since.

    , as it aimed to overcome falling revenue to make a more lasting impression on the rapidly evolving tech industry. The , and that has gotten some investors excited about the possibility that a return to more regular stock splits might be in Cisco's future. Shareholders shouldn't expect an imminent move, but if Cisco can get back on the technology bandwagon, then it might not be too long before the tech giant returns to its winning ways. Let's look more closely at Cisco to see how it's trying to get back on the upswing.

    Cisco's history of stock splits
    Here are the dates and split ratios for the stock splits that Cisco has done in the past:
    Capture.PNG
    Data source: Cisco investor relations.
    The 1990s were simply an amazing time for Cisco Systems. The company was able to do a stock split on an almost yearly basis, missing 1995 but generally remaining on a steep curve higher.

    Moreover, the share prices at which Cisco made its stock splits were remarkably consistent. Within a year of going public at an IPO price of $18 per share, Cisco traded in the $50s, prompting its first stock split. The following year, the stock had climbed to nearly $80 per share before its next move, and Cisco shares routinely traded roughly in the $80 to $90 range at the time that the company made subsequent splits.

    Later in the decade, Cisco decided to do 3-for-2 splits, letting the share price rise to slightly higher levels before pulling the trigger in 1998. In both 1999 and 2000, Cisco reached triple-digit levels before the company moved forward with 2-for-1 splits.

    Cisco made plenty of tech investors a lot of money. For every IPO share, initial investors in Cisco ended up with 288 shares in early 2000 worth $72 a piece, turning $18 into more than $20,000.

    Image source: Cisco Systems.

    Why Cisco stopped splitting
    Subsequently, Cisco ran into the same tech bust that crushed the rest of the industry. Unlike its competitors, however, Cisco never really recovered from that episode. At its worst levels in 2002, Cisco had lost more than 85% of its value, falling to about the $10 per share level. Even as the rest of the industry recovered, strong competition and some execution miscues on Cisco's part held the stock back. Only in the past year has Cisco gotten back to its 2007 levels, and shares still trade at less than two-thirds of their all-time high.

    Looking forward, there's newfound . The company has returned to revenue growth, and recent tax reform efforts will allow Cisco to repatriate $67 billion in cash for potential use in its U.S. operations. Cisco has paid a dividend in recent years and has been quick to boost its payout, and guidance for the coming year has many people believing that the networking giant is finally getting its momentum back.

    Don't expect splits soon
    Despite its recent success, is still in the $40s. That means investors are going to have to wait a while before the company gets back to a level at which it's likely to make a decision to split its stock. For those who haven't lost faith in the company, the fact that Cisco is starting to rediscover some of the growth prospects that propelled its stock higher in the 1990s will be rewarded enough if it translates to higher share prices in the near future.

    10 stocks we like better than Cisco Systems
    When investing geniuses David and Tom Gardner have a stock tip, it can pay to listen. After all, the newsletter they have run for over a decade, Motley Fool Stock Advisor , has tripled the market.*

    David and Tom just revealed what they believe are the for investors to buy right now... and Cisco Systems wasn't one of them! That's right -- they think these 10 stocks are even better buys.

    to learn about these picks!

    *Stock Advisor returns as of March 5, 2018

    has no position in any of the stocks mentioned. The Motley Fool recommends Cisco Systems. The Motley Fool has a .

    The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
     
  4. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,396
    Messages:
    991
    Likes Received:
    2,236
    Trophy Points:
    156
    Advanced malware attacks PCs through network routers
     
    Vasudev likes this.
  5. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,396
    Messages:
    991
    Likes Received:
    2,236
    Trophy Points:
    156
    Cisco Live Europe 2018: Intelligence-driven Networks Will Be Essential for Powering the Technology of 2050
    https://www.intel.co.uk/content/www/uk/en/it-managers/cisco-live-2018.html
    Highlights and trends from Cisco Live that will drive the evolution of innovation.

    The pace of technical innovation will only increase as new technologies continue to emerge, and as a result, the network will need to be completely reinvented for the digital era. That was the key takeaway from the recent Cisco Live Europe* show in Barcelona which acts as a hub for IT professionals and includes a series of technical seminars, networking and keynote sessions. The event covers everything from data centres to the cloud with education, collaboration and inspiration at its core.

    “We’re heading into an age of intelligence from a technology perspective, driven by advances in artificial intelligence and machine learning,” said Rowan Trollope, Senior VP and General Manager of IoT and Applications at Cisco*, during the company’s opening keynote speech. “This is what underpins many of our key innovations...and that’s what’s going to continue to power our infrastructure.”

    “The future, and the pace of change, is going to be breathtaking. What you need to do is get started today. You really cannot delay or wait on this, because if you do, you’ll be left behind”

    In his future-gazing address, Trollope talked about the technologies that will realistically become a reality during the next three decades, including hover taxis arriving by 2022 and the disappearance of the smartphone by 2025, as augmented reality (AR) devices take over. By 2036, Alzheimer’s will be cured and a number of new jobs — including avatar manager, vertical farmer and body part maker — will have emerged, he predicted. By 2040, we’ll be capable of building a PC with the power of 1 billion human brains, while virtual telepathy will begin to dominate communications by 2048, he said. And by 2050, Earth’s population will grow to a staggering 9.7 billion people, while humankind will establish its first permanent outpost on Mars, he added.
    [​IMG]
    “The future is not that far away,” said Trollope, explaining that future innovations, along with a massive increase in IoT devices, will require smarter networks based on artificial intelligence (AI) and machine learning. On that note, Cisco’s latest portfolio of products was showcased, with a focus on the move towards what the company calls ‘intent-based networking’. This type of software-driven networking allows administrators to create the network they want using automation and analytics.

    This involves moving away from the way networks are traditionally managed, taking a proactive approach rather than reactive. The idea is that network administrators define what they want the network to do, then an automated software-driven platform is used to make it happen. Thanks to data analytics and machine learning, the platform can monitor and react to changing network conditions in real time, anticipating issues and stopping security threats before they can do any harm. What’s more, it’s continually learning so that it can carry on adapting. As well as being agile and secure, intent-based networking can also cut the time that IT departments spend on trouble shooting. Companies that can offer these kind of intelligent, adaptive end-to-end systems that make use of AI and data analytics will prosper over competitors.
    [​IMG]
    The keynote address touched on unlocking the power of data in order to provide critical business insights. Intel CEO Brian Krzanich also highlighted the importance of data and its transformative impact on both business and everyday life during his CES 2018* keynote speech. “Data is going to introduce social and economic changes that we see perhaps once or twice in a century,” said Krzanich. “We not only find data everywhere today, but it will be the creative force behind the innovations of the future. Data is going to redefine how we experience life — in our work, in our homes, how we travel, and how we enjoy sports and entertainment.”

    Another highlight from this year’s Cisco Live Europe was a guest keynote from Iron Maiden* singer Bruce Dickinson. As well as being a legendary rock star, Dickinson is also a former professional fencer and a qualified airline pilot who flies the heavy metal group between concerts on a Jumbo Jet. And being something of a modern polymath, he’s also an investor and entrepreneur.

    In an animated talk, Dickinson talked about the importance of communication and creativity in business. He also suggested that companies should consider nurturing ‘fans’, rather than just customers, using a football analogy to prove his point. “Your football club could lose every match from now until the end of time and you would still support them, said Dickinson. “You are not a customer of your football club. You are a fan”. This is a variation of the Triple Bottom Line concept, which suggests that businesses can generate long-term success by implementing business models that not only generate revenue, but that also benefit society, nurturing positive attitudes towards the brand.
    [​IMG]
    What’s certain is that a creative approach will be needed to prepare for the advanced technologies that are set to become a reality in the years leading up to 2050. In particular, AI-driven networks will be needed to power these innovations and to make use of the ever-growing amount of valuable data. “The future, and the pace of change, is going to be breathtaking,” warns Trollope. “What you need to do is get started today. You really cannot delay or wait on this, because if you do, you’ll be left behind”.
     
    Vasudev likes this.
  6. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,396
    Messages:
    991
    Likes Received:
    2,236
    Trophy Points:
    156
    Vasudev likes this.
  7. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,396
    Messages:
    991
    Likes Received:
    2,236
    Trophy Points:
    156
    Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking
    cisco-network-switches-hacking Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic.
    The stack-based buffer overflow vulnerability (CVE-2018-0171) resides due to improper validation of packet data in Smart Install Client, a plug-and-play configuration and image-management feature that helps administrators to deploy (client) network switches easily.
    Embedi has published technical details and Proof-of-Concept (PoC) code after Cisco today released patch updates to address this remote code execution vulnerability, which has been given a base Common Vulnerability Scoring System (CVSS) score of 9.8 (critical).
    Researchers found a total of 8.5 million devices with the vulnerable port open on the Internet, leaving approximately 250,000 unpatched devices open to hackers.
    To exploit this vulnerability, an attacker needs to send a crafted Smart Install message to an affected device on TCP port 4786, which is opened by default.
    "To be more precise, the buffer overflow takes place in the function smi_ibc_handle_ibd_init_discovery_msg" and "because the size of the data copied to a fixed-size buffer is not checked, the size and data are taken directly from the network packet and are controlled by an attacker," Cisco explain in its advisory.
    The vulnerability can also result in a denial-of-service condition (watchdog crash) by triggering indefinite loop on the affected devices.
    Researchers demonstrated the vulnerability at a conference in Hong Kong after reporting it to Cisco in May 2017.
    Video Demonstrations of the Attack:
    In their first demonstration, as shown in the video below, researchers targeted Cisco Catalyst 2960 switch to reset/change the password and entered privileged EXEC mode:

    In their second demo, researchers exploited the flaw to successfully intercept the traffic between other devices connected to the vulnerable switch and the Internet.

    Affected Hardware and Software:

    The vulnerability was tested on Catalyst 4500 Supervisor Engines, Cisco Catalyst 3850 Series Switches, and Cisco Catalyst 2960 Series Switches devices, as well as all devices that fall into the Smart Install Client type are potentially vulnerable, including:

    • Catalyst 4500 Supervisor Engines
    • Catalyst 3850 Series
    • Catalyst 3750 Series
    • Catalyst 3650 Series
    • Catalyst 3560 Series
    • Catalyst 2960 Series
    • Catalyst 2975 Series
    • IE 2000
    • IE 3000
    • IE 3010
    • IE 4000
    • IE 4010
    • IE 5000
    • SM-ES2 SKUs
    • SM-ES3 SKUs
    • NME-16ES-1G-P
    • SM-X-ES3 SKUs

    Cisco fixed the vulnerability in all of its affected products on 28th March 2018, and Embedi published a blog post detailing the vulnerability on 29th March. So, administrators are highly recommended to install free software updates to address the issue as soon as possible.
     
  8. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,396
    Messages:
    991
    Likes Received:
    2,236
    Trophy Points:
    156
    Here's how hackers are targeting Cisco Network Switches in Russia and Iran
    Sunday, April 08, 2018 Mohit Kumar
    [​IMG]
    Since last week, a new hacking group, calling itself 'JHT,' hijacked a significant number of Cisco devices belonging to organizations in Russia and Iran, and left a message that reads—"Do not mess with our elections" with an American flag (in ASCII art).

    MJ Azari Jahromi, Iranian Communication and Information Technology Minister, said the campaign impacted approximately 3,500 network switches in Iran, though a majority of them were already restored.

    The hacking group is reportedly targeting vulnerable installations of Cisco Smart Install Client, a legacy plug-and-play utility designed to help administrators configure and deploy Cisco equipments remotely, which is enabled by default on Cisco IOS and IOS XE switches and runs over TCP port 4786.


    Some researchers believe the attack involves a recently disclosed remote code execution vulnerability (CVE-2018-0171) in Cisco Smart Install Client that could allow attackers to take full control of the network equipment.

    However, since the hack apparently resets the targeted devices, making them unavailable, Cisco believes hackers have been merely misusing the Smart Install protocol itself to overwrite the device configuration, instead of exploiting a vulnerability.

    "The Cisco Smart Install protocol can be abused to modify the TFTP server setting, exfiltrate configuration files via TFTP, modify the configuration file, replace the IOS image, and set up accounts, allowing for the execution of IOS commands," the company explains.
    Chinese security firm Qihoo 360's Netlab also confirms that that hacking campaign launched by JHT group doesn’t involve the recently disclosed code execution vulnerability; instead, the attack is caused due to the lack of any authentication in the Cisco smart install protocol, reported in March last year.
    [​IMG]

    According to Internet scanning engine Shodan, more than 165,000 systems are still exposed on the Internet running Cisco Smart Install Client over TCP port 4786.


    Since Smart Install Client has been designed to allow remote management on Cisco switches, system administrators need to enable it but should limit its access using Interface access control lists (ACLs).

    Administrators who do not use the Cisco Smart Install feature at all should disable it entirely with the configuration command—"no vstack."

    Although recent attacks have nothing to do with CVE-2018-0171, admins are still highly recommended to install patches to address the vulnerability, as with technical details and proof-of-concept (PoC) already available on the Internet, hackers could easily launch their next attack leveraging this flaw.
     
Loading...

Share This Page