Cisco’s network access management has “critical” rated bug devices which could have allowed the hackers to break into corporate networks remotely.
The critical bug was found in Cisco’s Secure Access Control System (ACS) which is used by the system administrators to substantiate users across a network. While the vulnerability had a score of 9.8 out of 10 on the common vulnerability severity rating, details remained inadequate.
Now, the Positive Technologies at two security researchers reported the bug to Cisco and explained that an attacker could gain near-unfettered access to a corporate network.
An attacker will already work on the network to modify or collect the credentials of users on some network devices and execute man-in-the-middle attacks option.
If a device were available on the internet, then the device would be at far greater risk of remote attacks.
To protect your device from online attacks or malware install McAfee antivirus security software on your devices. McAfee protects against various threats and also monitors the unusual activity and alerts you about that activity.
The Mikhail Klyuchnikov, the developer of bug, said if Cisco ACS is amalgamated with the Microsoft Active Directory, which is often the case when an attacker can steal the administrator details of the domain. And even without the Active Directory integration software, an attacker can silently control the connected routers and firewalls to interrupt and modify the traffic on the network, or even they can gain access to the closed-off sensitive areas of the network.
The issue is that how the server handles messages in AMF3, it is a binary format which is used in numerous programming languages, including Python, Perl, but also Flash and Java. In this case, an attacker can set a malicious Java object into a format that is suitable for sending over a network, so when the server is loading the object, it automatically runs the malicious code.
Now, the Cisco’s Secure Access Control System is no longer on the sale and also reached on its end-of-life last year, but last month bug is fixed by networking giant.
One of the representatives of Cisco stated that the company didn’t enlarge on vulnerabilities in its security reports but confirmed that the report by Positive was perfect.
To protect your phone from different online attacks or malware, install McAfee antivirus on your device. McAfee easily tracks the unusual activity on your device and alerts you instantly. For downloading, installing or activating the McAfee antivirus visit Mcafee activation website.