Cisco NX-OS Software NX-API Denial of Service Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart.

The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic.

Note: The NX-API feature is disabled by default.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos

Security Impact Rating: Medium

CVE: CVE-2019-1968


Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability

A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-nxapi-xss

Security Impact Rating: Medium

CVE: CVE-2019-1733


Cisco NX-OS Software SSH Key Information Disclosure Vulnerability

A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user’s private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials.

The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user’s private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info

Security Impact Rating: Medium

CVE: CVE-2019-1731


Cisco NX-OS Software NX-API Command Injection Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.

The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this vulnerability by sending malicious HTTP or HTTPS packets to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to perform a command-injection attack and execute arbitrary commands with root privileges.

Note: NX-API is disabled by default.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj

This advisory is part of the March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 26 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2019-1614


Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root.

The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS request to an internal service on an affected device that has the NX-API feature enabled. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root.

Note: The NX-API feature is disabled by default.
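Every NX-API advisory on this page applies only when the feature has been turned on, so the first triage step on a Nexus switch is to confirm the state of `nxapi` in `show feature`. The Python below is an added example, not Cisco code: it builds the NX-API JSON-RPC request for that command, unwraps the reply, and parses the CLI text to decide whether NX-API is enabled. The endpoint path `/ins`, the `cli_ascii` method name and the `result.body` reply shape are assumptions taken from the public NX-API documentation rather than from the advisories; the sample `show feature` output and the JSON replies are constructed, and nothing is sent on the wire.

```python
"""Added example, not Cisco's code: build the NX-API JSON-RPC request for
`show feature` and decide from its CLI output whether NX-API is enabled.
Assumed (from public NX-API documentation, not from the advisories):
JSON-RPC endpoint path /ins, method name cli_ascii, and the CLI text being
carried in result["body"]. The sample CLI text and replies are constructed."""
import json

NXAPI_PATH = "/ins"                                   # assumed endpoint path
NXAPI_HEADERS = {"Content-Type": "application/json-rpc"}


def build_jsonrpc(cmd: str, req_id: int = 1) -> dict:
    """JSON-RPC 2.0 request for one show command, answered as raw CLI text."""
    return {
        "jsonrpc": "2.0",
        "method": "cli_ascii",            # assumed method name for text output
        "params": {"cmd": cmd, "version": 1},
        "id": req_id,
    }


def extract_body(response_text: str) -> str:
    """Pull result.body out of a JSON-RPC reply. A JSON-RPC error object raises,
    so a failed call is never mistaken for 'feature disabled'."""
    reply = json.loads(response_text)
    if isinstance(reply, list):           # batched request -> list of replies
        reply = reply[0]
    if "error" in reply:
        err = reply["error"]
        raise RuntimeError(f"NX-API error {err.get('code')}: {err.get('message')}")
    return reply["result"]["body"]


def parse_show_feature(text: str) -> dict:
    """Map feature name -> state from `show feature` CLI text.
    Data rows look like 'nxapi   1   enabled'; the header and the dashed
    separator have no numeric instance column and are skipped."""
    states = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[1].isdigit():
            states[parts[0].lower()] = parts[2].lower()
    return states


def nxapi_enabled(show_feature_text: str) -> bool:
    """True only when an nxapi row is present and reads 'enabled'."""
    return parse_show_feature(show_feature_text).get("nxapi") == "enabled"


# Constructed sample of `show feature` output (not captured from a device).
SAMPLE_SHOW_FEATURE = """\
Feature Name          Instance  State
--------------------  --------  --------
bash-shell            1         disabled
bgp                   1         disabled
nxapi                 1         enabled
scp-server            1         disabled
ssh                   1         enabled
"""

# Constructed JSON-RPC replies wrapping the sample text (assumed reply shape).
SAMPLE_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "result": {"msg": "Success", "code": "200", "body": SAMPLE_SHOW_FEATURE},
    "id": 1,
})
SAMPLE_ERROR_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "error": {"code": -32602, "message": "Invalid params"},
    "id": 1,
})


if __name__ == "__main__":
    print("POST", NXAPI_PATH, json.dumps([build_jsonrpc("show feature")]))
    body = extract_body(SAMPLE_REPLY)
    print("nxapi enabled:", nxapi_enabled(body))
```

On a real device the request body would be POSTed to `https://<switch>/ins` with HTTP basic authentication; a device that answers is by definition one where NX-API is reachable, so a connection refused on that port is itself a useful negative result.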

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-api-ex

This advisory is part of the March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 26 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2019-1605


No Classification menu appears after ICT agent installation

I need a solution

Dear All,

I’ve set up AD and the ICT server. However, when I installed the ICT client, the installation was successful, but I don’t see any classification menu when I right-click any file (Office file), nor do I see any classification labels when I try to save the file as.

Can anyone help me troubleshoot this issue?

Thanks, Qutub


7021811: Reflection X 14.x or Reflection X Advantage, Password Aging, and Secure Shell

Password Aging Management and Reflection

To change a user’s password, the host typically requires an interactive shell. Although Reflection X does not provide an interactive shell, this requirement can be bypassed by configuring Reflection X for keyboard-interactive user authentication and configuring the host’s SSH server to pass keyboard-interactive authentication through PAM (Pluggable Authentication Modules), which enforces password aging and prompts for a new password when the current one has expired.

Configure Reflection X 14.x or Reflection X Advantage to use Keyboard Interactive Authentication

Keyboard Interactive user authentication is enabled by default in Reflection X 14.x and Reflection X Advantage; however, it is not the first authentication method tried. Depending on how the SSH server is configured, you may need to move the Keyboard Interactive option to the top of the authentication methods list.

Reflection X Advantage

Follow these steps to modify the authentication order in Reflection X Advantage.

  1. In the Reflection X Manager, configure your X client to connect with Secure Shell.
  2. Click Advanced.
  3. Click the Authentication tab.
  4. Under User Authentication Methods, select Keyboard Interactive, and click the “up” arrow to move Keyboard Interactive to the top of the list.
     [Figure: 2302_0.gif]
  5. Click Close. The changes are saved automatically.

Reflection X 14.x

Follow these steps to modify the authentication order in Reflection X 14.x.

  1. In the Reflection X Manager, select your Secure Shell client connection file.
  2. Click Advanced.
  3. Select Keyboard Interactive, and click the “up” arrow to move Keyboard Interactive to the top of the list.
     [Figure: 2302_1.gif]
  4. Click OK.
  5. Click File > Save to save the setting.

Configure the SSH Server to use Keyboard Interactive Authentication

Follow these steps to configure the host’s SSH server so that PAM password aging can interact with Reflection X 14.x or Reflection X Advantage over Secure Shell. With this configuration, a user whose password has expired is prompted to set a new one while connecting to the host from Reflection X 14.x or Reflection X Advantage.

Note: These steps vary based on the SSH server product and version.

Example 1

The following example is for Reflection for Secure IT UNIX Server version 7.0.

  1. Connect to your host with an account that has permission to edit the sshd2_config file.
  2. Open the sshd2_config file in a text editor.
  3. In the sshd2_config file, ensure that keyboard-interactive authentication is enabled and that PAM is required for keyboard-interactive authentication:
     AllowedAuthentications keyboard-interactive
     AuthKbdInt.Required pam
  4. Save the file.
  5. Stop and restart the sshd2 daemon so that it rereads sshd2_config.

Example 2

This example is for OpenSSH UNIX Server v4.3p2.

  1. Connect to your host with an account that has permission to edit the sshd_config file.
  2. Open the sshd_config file in a text editor.
  3. Ensure the following two settings are enabled:
     ChallengeResponseAuthentication yes
     UsePAM yes
     Note: sshd uses the first occurrence of a keyword it finds, so check that no earlier line in the file sets either keyword to no. On OpenSSH 8.7 and later the keyword is named KbdInteractiveAuthentication; ChallengeResponseAuthentication is kept as an alias for it.
  4. Save the file.
  5. Stop and restart the sshd daemon so that it rereads sshd_config.

Once these edits have been made to the configuration file, and the daemon is restarted, users will be prompted to create a new password if their password is expired. They will be guided through creating a new password by a series of dialog boxes, similar to the ones below.
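A quick way to confirm that an OpenSSH host is actually in the state Example 2 describes is to evaluate the two keywords the way sshd does: comments stripped, keyword matched case-insensitively, and the first occurrence winning. The script below is an added example for this KB article, not part of it or of the Reflection product. It assumes a plain sshd_config with no Match blocks, the upstream OpenSSH defaults when a keyword is absent (keyboard-interactive on, UsePAM off), and the OpenSSH 8.7+ alias between ChallengeResponseAuthentication and KbdInteractiveAuthentication; the config it runs against is constructed in the script. It does not apply to the sshd2_config syntax in Example 1.

```shell
#!/bin/sh
# Added example for Example 2, not part of the Reflection KB article:
# check an OpenSSH sshd_config for the two settings the article requires.
# Assumptions: plain sshd_config without Match blocks; sshd's rule that the
# first occurrence of a keyword wins; upstream defaults when unset
# (keyboard-interactive on, UsePAM off). Not for sshd2_config (Example 1).

# sshd_get KEYS FILE: print the effective (first, lowercased) value of any
# keyword in the '|'-separated KEYS list, ignoring comments. The keyword
# match is case-insensitive, as sshd's is.
sshd_get() {
    awk -v keys="$1" '
        BEGIN { re = "^(" tolower(keys) ")$" }
        { sub(/#.*/, "") }
        NF >= 2 && tolower($1) ~ re { print tolower($2); exit }
    ' "$2"
}

# kbdint_pam_enabled FILE: succeed when keyboard-interactive authentication
# and PAM are both in effect. OpenSSH 8.7+ names the keyword
# KbdInteractiveAuthentication and keeps ChallengeResponseAuthentication as
# an alias, so whichever spelling appears first decides.
kbdint_pam_enabled() {
    f="$1"
    kbd="$(sshd_get 'kbdinteractiveauthentication|challengeresponseauthentication' "$f")"
    [ -n "$kbd" ] || kbd=yes    # OpenSSH default when unset
    pam="$(sshd_get usepam "$f")"
    [ -n "$pam" ] || pam=no     # upstream OpenSSH default when unset
    [ "$kbd" = yes ] && [ "$pam" = yes ]
}

# Demo on a constructed config fragment (not a real host file).
demo_cfg="$(mktemp)"
printf '%s\n' \
    '# sshd_config fragment, constructed for this example' \
    'ChallengeResponseAuthentication yes' \
    'UsePAM yes' > "$demo_cfg"
if kbdint_pam_enabled "$demo_cfg"; then
    echo "keyboard-interactive via PAM: enabled"
else
    echo "keyboard-interactive via PAM: NOT enabled"
fi
rm -f "$demo_cfg"
```

Run it against the real file with `kbdint_pam_enabled /etc/ssh/sshd_config` after sourcing the script; on a live host, `sshd -T | grep -i -e kbdinteractive -e usepam` gives the daemon's own view, including any Match-block effects this script does not model.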

[Figure: 2302_3.gif]

How to enable a ProxySG interface to send a decrypted traffic to the connecting device

I need a solution

Hi,

We have a FireEye NX appliance that is connected inline with the Blue Coat ProxySG. However, the NX appliance cannot use its full capability to look for network malware and callbacks because the traffic it receives from the ProxySG is encrypted.

If we enable SSL interception on the ProxySG, would it send also the traffic to NX appliance as decrypted? Or is the SSL interception feature in ProxySG for its own purpose only (to control all traffic including ssl)?

How can we enable an interface that is connected to another appliance to send the traffic as decrypted?

Please see attached picture for your reference.

Thank you.

Best Regards,
Ja


Endpoint Detection and Response Status “no status reported”

I need a solution

Hi, I am running SEP on both Mac and Windows, versions 12 and 14 on both OSs. When I run the scheduled report Client Status > Client Inventory Details, all of the clients show the Endpoint Detection and Response Status field as either “no status reported” or “disabled”.

I discovered that “disabled” indicates that one or more components on the client have been disabled. What does “no status reported” mean?

This is on both OSs, both versions of SEP. Virus definitions and IPS signatures are updating as expected. SEP Manager is version 14.0.2349.0100 running on Windows Server 2008 R2.

Thanks

OregonSteve

“Never, never doubt what nobody is sure about.” -Willy Wonka
