Latest News
Movies one should watch on the subject of cybersecurity. Almost
September 7, 2021
Data ScienceLatest News
These tools can help data science students to learn strategies
September 7, 2021
Latest NewsRobotics
The recent report from cybersecurity firm Barracuda showed that bots
September 7, 2021
A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition.
This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu
This advisory is part of the August 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.
Security Impact Rating: Medium
CVE: CVE-2021-1590
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device.
This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-GkCvfd4
Security Impact Rating: Medium
CVE: CVE-2021-1522
Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.
If this does not resolve the issue then proceed to the next section.
For information on Receiver feature updates refer to – Citrix Receiver Feature Matrix.
This error message suggests that the Mac client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the Secure Gateway/NetScaler Gateway server certificate.
Complete the following steps to resolve this issue:
For Big Sur, please refer to Add certificates to a keychain using Keychain Access on macOS Big Sur
For Catalina, please refer to Add certificates to a keychain using Keychain Access on macOS Catalina
The default File Format should be Certificate (.cer).
Note: You might need to rename the certificate to a .CRT extension for the client to properly identify the certificate.
Save the certificate to the ApplicationsCitrix ICA Clientkeystorecacerts folder (create this folder if it does not exist):
This issue is most commonly seen when the FIPS Key originated from another device’s private key that was subsequently imported into the FIPS ADC appliance. Commonly, private keys from other devices are imported as password protected PFX files. PFX files are converted on the FIPS ADC into PEM files that contains both the certificate and the private key.
After the PEM file is imported as an FIPS Key, the administrator will attempt to install new certificate definition using the existing PEM file and the new FIPS Key imported from the PEM file. The administrator provides the PFX file password when attempting to install the certificate definition using either of the following:
NetScaler administration utility (GUI): Traffic Management > SSL > Certificates > Install
Terminal session (CLI): add ssl certkey
The administrator might incorrectly include the PFX file password when installing the new certificate definition. However the password is not required for an FIPS Key imported as the private key exported from the PFX file to the PEM file will not be encrypted.