Cisco’s warning: Patch this default Network Assurance Engine password bug

Cisco is urging customers to install an update that fixes a high-severity issue affecting its Network Assurance Engine (NAE) for managing data-center networks.

The bug, tracked as CVE-2019-1688, could allow an attacker to use a flaw in the password-management system of NAE to knock out an NAE server and cause a denial of service.

NAE is an important data-center network management tool that helps admins assess the impact of network changes and avoid application outages.

As Cisco explains, the flaw is due to user password changes made from the web-management interface failing to propagate to the command-line interface (CLI), leaving the old default password in place in the CLI. The issue only affects NAE version 3.0 (1), so older versions aren’t affected.

Source: ZDNet