The Bitcoin Core developers recently fixed Vulnerability-related.PatchVulnerability a major vulnerability in the Bitcoin ( BTC ) network ’ s ( client ) codebase . Explaining the potentially serious nature of the software bug , which is tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-17144 and classified as a denial-of-service ( DoS ) attack , Casaba Security co-founder Jason Glassberg said Vulnerability-related.DiscoverVulnerability : “ [ It ] can take down the network. ” Glassberg also told Vulnerability-related.DiscoverVulnerability ZDNet the vulnerability in the Bitcoin Core codebase “ would [ have ] affected transactions in the sense that they can not be completed , but does not appear to open up a way to steal or manipulate wallets. ” Denial-of-Service ( DoS ) , 51 % Attacks The Bitcoin Core client software is used by BTC miners to validate transactions on the cryptocurrency ’ s blockchain and the recent vulnerability found Vulnerability-related.DiscoverVulnerability in its source code could have been used to intentionally crash bitcoin ’ s full-node operators . Although not logistically feasible , this particular software bug could have been remotely exploited Vulnerability-related.DiscoverVulnerability by an attacker to launch a 51 % attack in which one entity controls the majority of the hashing ( or computing ) power of a cryptocurrency network . Advisory Notice , Critical Patch Released Vulnerability-related.PatchVulnerability In most cases , a bad actor has orchestrated a 51 % attack in order to manipulate transactions on a cryptocurrency ’ s blockchain for financial gains . At present , it would cost approximately $ 490,000 to launch such an attack ( for 1 hour ) on the Bitcoin network , according to Crypto51 . However , if the recent Bitcoin Core software bug had not been patched Vulnerability-related.PatchVulnerability , a bad actor could have initiated a 51 % attack on the cryptocurrency ’ s network at a considerably lower cost . The Bitcoin Core developers posted Vulnerability-related.DiscoverVulnerability an advisory notice ( on September 19th ) regarding this DoS vulnerability . Users of Bitcoin Core have been instructed to upgrade Vulnerability-related.PatchVulnerability to version 0.16.3 of the software . Previous versions ( 0.14.0 to 0.16.3 ) of the client contain the DoS vulnerability . Bitcoin Knots , one of at least 96 bitcoin forks to date , was considered vulnerable Vulnerability-related.DiscoverVulnerability as well and its client software was patched Vulnerability-related.PatchVulnerability . `` Copycat '' Cryptos Are At Risk Notably , the CVE-2018-17144 vulnerability could have also affected Vulnerability-related.DiscoverVulnerability the litecoin ( LTC ) network but its client has received Vulnerability-related.PatchVulnerability a patch . Commenting on the serious nature of these software bugs , Cornell computer science professor Emin Gün Sirer said Vulnerability-related.DiscoverVulnerability : “ Copycat currencies are at risk ” - meaning that all bitcoin forks are vulnerable Vulnerability-related.DiscoverVulnerability to the attack . The Turkish-American cryptographer , who identified Vulnerability-related.DiscoverVulnerability critical vulnerabilities in Ethereum ’ s codebase before its network was hit with the DAO attack , was referring to all the currently 69 active bitcoin forks that could still be exploited Vulnerability-related.DiscoverVulnerability with a 51 % attack as their clients might still not have received Vulnerability-related.PatchVulnerability a patch and are not as secure as bitcoin network due to their smaller size . In fact , Crypto51 has estimated it would only cost $ 122 to launch a 51 % attack on the Bitcoin Private ( BTCP ) network . However , this estimate has not been confirmed by another source .

Cisco has plugged Vulnerability-related.PatchVulnerability two severe vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its Digital Network Architecture ( DNA ) Center software . Appliances running Cisco 's DNA Center software before Release 1.1.4 are vulnerable Vulnerability-related.DiscoverVulnerability to an authentication bypass that could allow a remote attacker to `` take complete control '' of its identity management functions . Network admins can use the DNA Center interface to add new devices to the network and manage them based on enterprise policies . DNA Center is part of Cisco 's toolkit for internet-based networking . Lax security restrictions on key DNA management functions mean an attacker could send a valid identity management request to an affected system and then change existing system users or create new users , according to Cisco . The flaw , which is tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-0448 , is rated critical and has a Common Vulnerability Scoring System ( CVSS ) v 3.0 rating of 9.8 out of 10 . It 's fixed Vulnerability-related.PatchVulnerability in release 1.1.4 and later and since there are no workarounds , admins will need to update Vulnerability-related.PatchVulnerability to these releases to fix Vulnerability-related.PatchVulnerability the bug . Cisco also fixed Vulnerability-related.PatchVulnerability another critical DNA Center flaw , CVE-2018-15386 , which could give a remote attacker direct access to core management functions . An attacker could exploit the bug by directly connecting to exposed Attack.Databreach DNA Center services and from there obtain Attack.Databreach or change critical system files . This bug is due to insecure default configurations affecting Vulnerability-related.DiscoverVulnerability DNA Center release 1.1 Again , there are no workarounds for the bug , so admins will need to update Vulnerability-related.PatchVulnerability to release 1.2 and later . Both flaws were found Vulnerability-related.DiscoverVulnerability during internal testing . Cisco is not aware of any exploits in the wild for the flaws . Cisco has also fixed Vulnerability-related.PatchVulnerability a critical flaw affecting Vulnerability-related.DiscoverVulnerability Cisco Prime Infrastructure ( PI ) that could let a remote attacker upload any file they wishwithout requiring authentication . The file could be used to execute commands . On PI , Trivial File Transfer Protocol ( TFTP ) is enabled by default and accessible from the web interface , which an attacker could use toupload a malicious file . Customers should check Cisco 's advisory to determine whether they 're running a fixed release . It also has workarounds for some releases . The flaw was reported Vulnerability-related.DiscoverVulnerability by independent security researcher Pedro Ribeiro through Beyond Security 's SecuriTeam Secure Disclosure program . Beyond Security notes in its detailed report about the PI issue that Ribeiro identified Vulnerability-related.DiscoverVulnerability two flaws but only one was fixed Vulnerability-related.PatchVulnerability in Cisco 's patch . `` The first vulnerability is a file-upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user . '' `` The second vulnerability is a privilege escalation to root by bypassing execution restrictions in a SUID binary . `` From our assessment the provided fix only addresses Vulnerability-related.PatchVulnerability the file uploading part of the exploit , not the file inclusion , the ability to execute arbitrary code through it or the privileges escalation issue that the product has . '' Cisco also released Vulnerability-related.PatchVulnerability patches for 33 more high- and medium-severity flaws affecting Vulnerability-related.DiscoverVulnerability WebEx , SD-WAN products , and its ASA security appliances .