A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote malicious user to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the malicious user to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure.
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates
Patch Tuesday Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too. The bug the IT giant said was being abused in the wild is CVE-2024-26234, described as a proxy driver spoofing vulnerability in Windows. This was reported to Redmond by Christopher Budd of Sophos and is rated 6.7 out of 10 on the CVSS severity scale. Microsoft initially listed it...