Urgent Security Updates Released by Cisco, Juniper Networks, and Tenda Modem Router

Hey MCK’S, In recent news, some big players in tech are hustling to fix security problems. Let’s break it down: Cisco’s got a big issue with a CVSS severity rating of 10.0, which is as severe as it gets. Basically, there’s a hole in the security of their BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. Bad actors could sneak in without proper authentication. They found this during their own testing, so it’s not good. If someone takes advantage of this, they can do some nasty stuff — toll fraud, messing with settings, and even peeking at private info. But here’s the kicker: the attacker needs a valid user ID from an affected Cisco BroadWorks system to pull it off. Cisco’s got patches out in versions AP.platform.23.0.1075.ap385341, 2023.06_1.333, and 2023.07_1.332. So if you’re using Cisco, update ASAP.

Cisco also has a problem with its Identity Services Engine, scoring 8.6 on the severity scale. It’s about how they handle certain RADIUS accounting requests. If a hacker hits the right buttons, they could cause the system to hiccup, leading to timeouts and locking out legit users. This affects versions 3.1 and 3.2, but it’s fixed in versions 3.1P7 and 3.2P3. Now, let’s talk about Juniper Networks. They had to rush out a fix for a BGP flaw. This one’s a 7.5 on the severity scale. It’s all about Border Gateway Protocol, and if a bad actor has at least one established BGP session, they could mess things up, causing a denial-of-service situation. Juniper Networks fixed it in Junos OS 23.4R1 and Junos OS Evolved 23.4R1-EVO. Lastly, there’s a mess with Tenda’s N300 Wireless N VDSL2 Modem Router. CERT Coordination Center (CERT/CC) found an authentication bypass flaw. This means a sneaky attacker can get into the router without proper authentication. If they do, they can access stuff they shouldn’t. CERT/CC suggests disabling remote (WAN-side) administration services and the WAN web interface on any SoHo router until Tenda gets its act together and releases a security update.

In a nutshell, if you use any of this tech, make sure you’re up to date on your security fixes or follow the recommended precautions. It’s a wild tech world out there! Stay safe.