Catalin Cimpanu, writing for BleepingComputer: Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated “Critical” and which received a maximum of 10 out of 10 on the CVSSv3 severity score. The three vulnerabilities include a backdoor account and two bypasses of the authentication system for Cisco Digital Network Architecture (DNA) Center. The Cisco DNA Center is a piece of software that’s aimed at enterprise clients and which provides a central system for designing and deploying device configurations (aka provisioning) across a large network. This is, arguably, a pretty complex piece of software, and according to Cisco, a recent internal audit has yielded some pretty bad results.
Read more of this story at Slashdot.