Cisco Security Vulnerability Thread.
-
Literally just reading about this one.
9.8 out of 10
"fifth undocumented password (aka backdoor) that Cisco has removed from its software in the past 5 months."
'Undocumented except by the fbi and nsa' I think is what they meant. -
@momurda said in Cisco Security Vulnerability Thread.:
Literally just reading about this one.
9.8 out of 10
"fifth undocumented password (aka backdoor) that Cisco has removed from its software in the past 5 months."
'Undocumented except by the fbi and nsa' I think is what they meant.And in hacker documents the world over.
-
Our monthly hardcoded root credentials are in.
-
@travisdh1 said in Cisco Security Vulnerability Thread.:
Our monthly hardcoded root credentials are in.
Definitely showing that even becoming famous for having hard coded creds, they won't change any till caught and forced to change them.
-
@scottalanmiller said in Cisco Security Vulnerability Thread.:
@travisdh1 said in Cisco Security Vulnerability Thread.:
Our monthly hardcoded root credentials are in.
Definitely showing that even becoming famous for having hard coded creds, they won't change any till caught and forced to change them.
I mean the people that buy Cisco probably don't care too much.
-
@coliver said in Cisco Security Vulnerability Thread.:
@scottalanmiller said in Cisco Security Vulnerability Thread.:
@travisdh1 said in Cisco Security Vulnerability Thread.:
Our monthly hardcoded root credentials are in.
Definitely showing that even becoming famous for having hard coded creds, they won't change any till caught and forced to change them.
I mean the people that buy Cisco probably don't care too much.
Good point. Or at all.
-
A bumper night last night for Cisco. Not one, not two, but three privilege escalation and remote command execution threats announced.
https://tools.cisco.com/security/center/publicationListing.x
-
@travisdh1 said in Cisco Security Vulnerability Thread.:
A bumper night last night for Cisco. Not one, not two, but three privilege escalation and remote command execution threats announced.
https://tools.cisco.com/security/center/publicationListing.x
Wow
-
WebEx, local privilege escalation vulnerability.
-
@travisdh1 said in Cisco Security Vulnerability Thread.:
WebEx, local privilege escalation vulnerability.
Awesome, looks like I get to spend my day updating Webex.
-
@travisdh1 You would love this one
https://techcrunch.com/2018/11/01/bleedingbit-security-flaws-bluetooth-wireless-networks/ -
@dbeato said in Cisco Security Vulnerability Thread.:
@travisdh1 You would love this one
https://techcrunch.com/2018/11/01/bleedingbit-security-flaws-bluetooth-wireless-networks/I saw that headline, but didn't read the article. I'm not surprised that Cisco is one of the vulnerable brands.
-
"Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability"
Only a denial of service possibility. Did I forget to mention it's in the software that is supposed to prevent that sort of thing?
-
Wi-Fi access points sold by Cisco, Meraki, and Aruba have two critical vulnerabilities being patched that could allow hackers to run malware inside the sensitive networks that use the gear. While the flaws open corporate networks to some scary attacks, the real-world likelihood of them being exploited is debatable.
-
3 new vulnerabilities this morning.
Remote code execution
Cisco Stealthwatch Management Console Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass2nd remote code execution.
Cisco Unity Express Arbitrary Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cueAnd a Meraki local privilege escalation for good measure.
Cisco Meraki Local Status Page Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki -
@travisdh1 wow, that's out of control.
-
They made it more than a month! It must be a record.
Web based privilege escalation on ASA boxes.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc -
Two Cisco ESA (Email Security Gateway) DDOS vulnerabilities today:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos -
@travisdh1 Is your hatred towards Ubuntu the same with Cisco? The fact that you created a thread just for it makes me think so.
-
@black3dynamite said in Cisco Security Vulnerability Thread.:
@travisdh1 Is your hatred towards Ubuntu the same with Cisco? The fact that you created a thread just for it makes me think so.
I created this thread because of all the people that were claiming that Cisco does not have security issues, when we know that assertion is not true. It's really more about documenting what we already know than an active "I don't like Cisco".
That said, it is true, I don't like Cisco. If they made products that were priced right and not an active security breach waiting to happen.
