Cisco Is 10 Out Of 10 This Week, For The Impact Of Two Vulnerabilities That Is
Ever Heard Of An Unintentional Debugging Credential Before?
The Register has a sneaking suspicion that this is code for a set of credentials used for debugging during manufacturing which were not removed before the switches were sent out. Regardless, the effect is that if you have telnet enabled on your switches, anyone who knows the credential can easily gain root access to those switches. This would be what we call a very bad thing.
If that wasn’t enough to make your Friday memorable, there is another 10/10 Cisco vulnerability in their management portal which allows a knowledgeable attacker to perform a command injection attack without even needing to authenticate themselves. The management portal can be accessed through a LAN port, or if you have enabled Remote Web Management, as many do, then the attack can be performed remotely.
There are two more bonus Cisco vulnerabilities for you, as well as a list of the affected switch models here, if you need to check.
Cisco this week revealed a pair of critical flaws, rated ten out of ten in severity, in its family of Catalyst PON Series Switches Optical Network Terminals.