The most recent content from our members.
Hi all. We are currently evaluating NCM, and have a few questions around firmware vulnerability management. Even though we take backup of running and start up configs through NCM, it does not seem to scan the backed up configs and tell us actually impacting vulnerabilities. Instead, it flags any potential vulnerabilities…
A couple of days ago I noticed serious warnings about the SSH vulnerability, Terrapin (CVE-2023-48795). It has been reported widely: https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://www.helpnetsecurity.com/2023/12/19/ssh-vulnerability-cve-2023-48795/…
HCO Advanced introduced the Security tab - I do not see the option in User Settings. If this is unable to be done in the GUI, how do I restrict this using the database? How can I remove / restrict this tab for different users?
As of NCM V7.9, NCM uses the old NIST XML feed, which provides CVSS 2.0 Base Impact Scores. Cisco's Security Bulletin default has been CVSS 3.0 for a while now. The XML Feed was scheduled to retire in April, 2019, but has been extended to October 9, 2019: NVD - XML Vulnerability Feed Retirement Please start using the JSON…
After using nmap to scan the server, it was found that insecure algorithms are used. This may allow attackers to compromise the secure communication. Are there ways to remediate this issue? Have tried to disable ciphers and key exchange algorithms on Windows, but it does not work. These are the affected algorithms: *…
Curious if anyone has seen this or how people are dealing with it. My understanding is that the SEM agent doesn't actually use any of the vulnerable classes in Log4j but Tenable is flagging the files based on version number which right now is 1.x which is out of support so it's flagged as a vulnerability. Whether or not…
This is probably a no brainer, but is the Solarwinds Orion 2020.2.6 HF1 version impacted at all by the new log4j vulnerability variant? My guess is probably not, being that it needs JAVA to manifest itself, and I don't believe Solarwinds Orion utilizes any JAVA components with the latest software versions. But my…
It wasn't that long ago that SSL 2.0 and then SSL 3.0 imperfections sent the security world scrambling to the safety of TLS, SSL's direct successor. Then came BEAST, which used a combination of JavaScript and network sniffers to decrypt authentication cookies over TLS 1.0 streams. And now we have the Lucky 13 attack that…
Hello, is there any information that these 2 vulnerabilities are resolved or not? https://www.cvedetails.com/vulnerability-list/vendor_id-1305/product_id-51454/year-2018/Solarwinds-Sftp-scp-Server.html CVE-2918-16792 CVE-2018-16791 Thank you
Back from Austin and home for a few weeks before I head...back to Austin for a live episode of SolarWinds Lab. Last week was the annual Head Geeks Summit, and it was good to be sequestered for a few days with just our team as we map out our plans for world domination in 2020 (or 2021, whatever it takes). As always, here's…