Cisco removed its seventh backdoor account this year, and that's a good thing

Posted on: Fri, 2018-11-09 - 07:50 By: admin

Cisco removed its seventh backdoor account this year, and that's a good thing

Cisco, the world's leading provider of top networking equipment and enterprise software, has released today 15 security updates, including a fix for an issue that can be described as a backdoor account.

This latest patch marks the seventh time this year when Cisco has removed a backdoor account from one of its products, with the other previous six fixes listed below:

1. March - CVE-2018-0141 - Cisco Prime Collaboration Provisioning
2. March - CVE-2018-0150 - Cisco IOS XE operating system
3. May - CVE-2018-0222 - Cisco Digital Network Architecture
4. June - CVE-2018-0329 - Cisco Wide Area Application Services
5. July - CVE-2018-0375 - Cisco Policy Suite Cluster Manager
6. September - CVE-2018-15427 - Cisco Video Surveillance Manager
7. November - CVE-2018-15439 - Cisco Small Business Switches

In the majority of the cases above, the backdoor accounts were nothing more than debugging profiles that have been left inside Cisco software/firmware after factory testing or debugging operations.

Which does just reinforce again that p[ropriatary software is no more secure or insecure than good open source software. Because the code uis not seen also not mean that vunerabilities arer magically undisciovered.

See https://www.zdnet.com/article/cisco-removed-its-seventh-backdoor-account-this-year-and-thats-a-good-thing/

#cisco #FOSS


Cisco removed its seventh backdoor account this year, and that's a good thing | ZDNet
Seventh backdoor account discovered in Cisco Small Business Switches firmware.