Cisco removed its seventh backdoor account this year, and that's a good thing
Cisco, the world's leading provider of top networking equipment and enterprise software, has released today 15 security updates, including a fix for an issue that can be described as a backdoor account.
This latest patch marks the seventh time this year when Cisco has removed a backdoor account from one of its products, with the other previous six fixes listed below:
1. March – CVE-2018-0141 – Cisco Prime Collaboration Provisioning
2. March – CVE-2018-0150 – Cisco IOS XE operating system
3. May – CVE-2018-0222 – Cisco Digital Network Architecture
4. June – CVE-2018-0329 – Cisco Wide Area Application Services
5. July – CVE-2018-0375 – Cisco Policy Suite Cluster Manager
6. September – CVE-2018-15427 – Cisco Video Surveillance Manager
7. November – CVE-2018-15439 – Cisco Small Business Switches
In the majority of the cases above, the backdoor accounts were nothing more than debugging profiles that have been left inside Cisco software/firmware after factory testing or debugging operations.
Which does just reinforce again that p[ropriatary software is no more secure or insecure than good open source software. Because the code uis not seen also not mean that vunerabilities arer magically undisciovered.
Cisco removed its seventh backdoor account this year, and that’s a good thing | ZDNet Seventh backdoor account discovered in Cisco Small Business Switches firmware. |