Cisco Is 10 Out Of 10 This Week, For The Impact Of Two Vulnerabilities That Is
Ever Heard Of An Unintentional Debugging Credential Before?
The Register has a sneaking suspicion that this is code for a set of credentials used for debugging during manufacturing which was not removed before the switches were sent out. Regardless, the effect is that if you have Telnet enabled on your switches, anyone who knows the credential can easily gain root access to those switches. This would be what we call a very bad thing.
If that wasn’t enough to make your Friday memorable, there is another 10/10 Cisco vulnerability in their management portal which allows a knowledgeable attacker to perform a command injection attack without even needing to authenticate themselves. The management portal can be accessed through a LAN port or, if you have enabled Remote Web Management, as many do, the attack can be performed remotely.
There are two more bonus Cisco vulnerabilities for you, as well as a list of the affected switch models here, if you need to check.
Cisco this week revealed a pair of critical flaws, rated ten out of ten in severity, in its family of Catalyst PON Series Switches Optical Network Terminals.