Cisco Is 10 Out Of 10 This Week For The Impact of Two Vulnerabilities That Is

Source: The Register Cisco Is 10 Out Of 10 This Week For The Impact of Two Vulnerabilities That Is

Ever Heard Of An Unintentional Debugging Credential Before?

The Register has a sneaking suspicion that is code for a set of credentials used for debugging during manufacturing which was not removed before the switches sent, regardless the effect is that if you have telnet enabled on your switches anyone who knows the credential can easily gain root access to those switches.  This would be what we call a very bad thing.

If that wasn’t enough to make your Friday memorable, there is another 10/10 Cisco vulnerability in their management portal which allows a knowledgeable attacker to perform a command injection attack without even needing to authenticate themselves.  The management portal can be accessed by a LAN port, or if you have enabled Remote Web Management, as many do, then the attack can be performed remotely.

There are two more bonus Cisco vulnerabilities for you, as well as a list of the affected switch models here, if you need to check.

Cisco this week revealed a pair of critical flaws, rated ten out of ten in severity, in its family of Catalyst PON Series Switches Optical Network Terminals.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!