CCNP Training Philippines: The Lowdown on the Recent High Impact Cisco Security Patches

Keeping up with the latest Cisco developments is crucial to achieving certification. It’s why centers for CCNP training in the Philippines make it a point to monitor industry trends and update their programs accordingly.

Recently, Cisco made the news with its several security updates. This article covers the essentials of this development.

Cisco Rolled out Multiple Security Patches across its Platforms

On February 20, 2019, Cisco released 16 security patches covering its many products. Their impact value varies: six of the patches are rated as high while 11 are rated as medium. Here’s an overview of high severity vulnerabilities that the patches addressed.

Vulnerability: CVE-2019-5736

What does it do? It can allow a remote and unauthenticated attacker to raise privileges on a targeted network or system.

Where does it exist? In the Open Contained Initiative runc CLI tool that’s used by various products

What causes it to exist? When an affected software mishandles file descriptors associated with exe/proc/self

Which Cisco product(s) are confirmed to have this vulnerability?

• Cisco IOS XE Software (Network Management and Provisioning)
• Cisco Cloudlock (Cisco Cloud Hosted Services)
• Cisco Defense Orchestrator (Cisco Cloud Hosted Services)

Which Cisco product(s) are under investigation for this vulnerability?

• Cisco IOS XE Software (Routing and Switching)
• Cisco IOS XE Software (Cisco IOS XE Software)
• Cisco IOS XE Software (Cisco IOS XE Software)

If the track of your Cisco training in the Philippines is associated with or utilizes any of these products and solutions, study them. Establish how these updates may affect your training. Do the same for the rest of the vulnerabilities tackled in this article.

Vulnerability: CVE-2019-1659

What does it do? It can allow a remote and unauthenticated attacker to execute a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel set between PI and ISE.

Where does it exist? In Cisco Prime Infrastructure’s (PI) Identity Services Engine integration feature

What causes it to exist? When the server SSL certificate is improperly validated while setting up the SSL tunnel with ISE

Which Cisco product(s) are confirmed to have this vulnerability?

• Cisco Prime Infrastructure Software Releases 2.2 through 3.4.0

Vulnerability: CVE-2019-1662

What does it do? It can allow a remote and unauthenticated attacker to enter the system as a valid user.

Where does it exist? In Cisco Prime Collaboration Assurance’s (PCA) Quality of Voice Reporting service

What causes it to exist? Inadequate authentication controls

Which Cisco product(s) are confirmed to have this vulnerability?

• Cisco PCA Software Releases before 12.1 SP2

Vulnerability: CVE-2019-1681

What does it do? It can allow a remote and unauthenticated attacker to retrieve files from the targeted device.

Where does it exist? In the Cisco Network Convergence System 1000 Series software’s TFTP service

What causes it to exist? When an affected software processes an improperly validated user-supplied input within TFTP requests

Which Cisco product(s) are confirmed to have this vulnerability?

• Cisco IOS XR Software releases before Release 6.5.2 for Cisco Network Convergence System 1000 Series devices

Vulnerability: CVE-2018-15380

What does it do? It can allow an adjacent and unauthenticated attacker to implement commands as the root user.

Where does it exist? In the Cisco HyperFlex Software’s cluster service manager

What causes it to exist? Inadequate input validation

Which Cisco product(s) are confirmed to have this vulnerability?

• Cisco HyperFlex Software releases before 3.5(2a).

Vulnerability: CVE-2019-1664

What does it do? It can allow a local and unauthenticated attacker to secure root access to every node in the cluster

Where does it exist? In the Cisco HyperFlex Software’s hxterm service

What causes it to exist? Inadequate authentication controls

Which Cisco product(s) are confirmed to have this vulnerability?

• Cisco HyperFlex Software Releases before 3.5(2a).

Do you want to find out the most recent and relevant updates to your Cisco specialization? Enroll in one of our programs for CCNP training in the Philippines! Click here to find out how else we can help you guarantee Cisco certification.