Cisco removed its seventh backdoor account this year, and that's a good thing
Cisco, the world's leading provider of top networking equipment and enterprise software, has released today 15 security updates, including a fix for an issue that can be described as a backdoor account.
This latest patch marks the seventh time this year when Cisco has removed a backdoor account from one of its products, with the other previous six fixes listed below:
1. March – CVE-2018-0141 – Cisco Prime Collaboration Provisioning
2. March – CVE-2018-0150 – Cisco IOS XE operating system
3. May – CVE-2018-0222 – Cisco Digital Network Architecture
4. June – CVE-2018-0329 – Cisco Wide Area Application Services
5. July – CVE-2018-0375 – Cisco Policy Suite Cluster Manager
6. September – CVE-2018-15427 – Cisco Video Surveillance Manager
7. November – CVE-2018-15439 – Cisco Small Business Switches
In the majority of the cases above, the backdoor accounts were nothing more than debugging profiles that have been left inside Cisco software/firmware after factory testing or debugging operations.
Which does just reinforce again that p[ropriatary software is no more secure or insecure than good open source software. Because the code uis not seen also not mean that vunerabilities arer magically undisciovered.
 |
Cisco removed its seventh backdoor account this year, and that’s a good thing | ZDNet Seventh backdoor account discovered in Cisco Small Business Switches firmware. |