Hardcoded Password Found in Cisco Enterprise Software, Again!
Which is why, once and for all, we need to stop thinking proprietary software is any more secure than open source software. This is not the first time for Cisco and Microsoft XP was caught out a few years back with a similar issue. And the US government can stop being smug about Huawei as there is a long history of this across various brands – https://www.computerworlduk.com/security/security-backdoors-that-heped-kill-faith-in-security-3634220/. My best suggestion is to find good open source route software that you can audit and flash it yourself to whatever router hardware you want to use (if you want to be secure).
Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated "Critical" and which received a maximum of 10 out of 10 on the CVSSv3 severity score.
The three vulnerabilities include a backdoor account and two bypasses of the authentication system for Cisco Digital Network Architecture (DNA) Center.
The Cisco DNA Center is a piece of software that's aimed at enterprise clients and which provides a central system for designing and deploying device configurations (aka provisioning) across a large network.
This is, arguably, a pretty complex piece of software, and according to Cisco, a recent internal audit has yielded some pretty bad results.
lolita_lopez2 |