Cisco Energy Management Suite Default PostgreSQL Password Vulnerability

A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data.

The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CEMS is installed and establishing a local connection to the database.

The fix for this vulnerability randomizes the database access password in new installations; however, the fix will not change the password for existing installations. Users are required to manually change the password, as documented in the Workarounds section of this advisory.

There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181204-ems-sql-passwrd

Security Impact Rating: Medium

CVE: CVE-2018-0468


RSA Archer Cyber Incident & Breach Response



What is a cyber incident / breach response program?

Cyber and security breaches continue dominating front page headlines all over the world. It’s not enough to hope it doesn’t happen to you or assume you’ll be able to respond effectively if it does. Companies need a proactive, program-level approach to IT & security risk management based on sound methods for prioritizing actionable security events combined with consistent operational response procedures. Poor handoffs between security functions and IT teams leave limited visibility into remediation efforts to close declared cyber incidents, and can weaken the overall process to the point where it breaks down when needed most, namely during a breach.

 

Why are cyber incident & breach response capabilities so important?

The identification of potential security issues and the process of responding to a possible cyber incident are the first lines of defense against a significant business event. Many organizations have deployed security information and event management (SIEM) technology and log collection tools in their infrastructures to track events and provide alerts. These systems produce an overwhelming amount of data for the security team to review. Uncoordinated security response processes managed in spreadsheets, email, and other ad hoc mechanisms further raise the overall risk that the organization will not be able to respond in time and effectively.

 

RSA Archer Cyber Incident & Breach Response Program Management

RSA Archer Cyber Incident and Breach Response enables customers to centrally catalog organizational and IT assets, establishing insightful business context to drive incident prioritization and implement processes designed to escalate, investigate and resolve declared incidents effectively. This use case is designed for teams to work effectively through their defined incident response and triage procedures and prepare for data breaches. Built-in workflows and reporting allow security managers to streamline processes while staying on top of the most pressing concerns. Issues related to a declared incident investigation can be tracked and managed in a centralized portal, enabling full visibility, stakeholder accountability and reporting. If an incident escalates into a data breach, prebuilt workflows and assessments are designed to help the broader business team work with your security team to respond appropriately.

 

With RSA Archer Cyber Incident and Breach Response, declared cyber and security events are escalated quickly and consistently, a crucial aspect of robust Integrated Risk Management programs. Advanced workflows and insights allow more efficient utilization of security team resources, resulting in faster response, analysis, and closure rates for critical security incidents. With improved processes and capabilities, the security team can more effectively leverage existing infrastructure, such as SIEMs, log and packet capture tools, and endpoint security technologies, to focus on the most impactful incidents. These capabilities improve the security team’s preparedness for serious incidents involving potential data breaches, while increasing the return on infrastructure investments and lowering overall security risk.

 

For more information, please visit RSA.com and review the Datasheet.



Cisco Meraki Local Status Page Privilege Escalation Vulnerability

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files.

The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki

Security Impact Rating: High

CVE: CVE-2018-0284
