Cisco removed its seventh backdoor account this year, and that's a good thing
Cisco, the world's leading provider of top networking equipment and enterprise software, has released today 15 security updates, including a fix for an issue that can be described as a backdoor account.
This latest patch marks the seventh time this year when Cisco has removed a backdoor account from one of its products, with the other previous six fixes listed below:
1. March - CVE-2018-0141 - Cisco Prime Collaboration Provisioning
2. March - CVE-2018-0150 - Cisco IOS XE operating system
3. May - CVE-2018-0222 - Cisco Digital Network Architecture
4. June - CVE-2018-0329 - Cisco Wide Area Application Services
5. July - CVE-2018-0375 - Cisco Policy Suite Cluster Manager
6. September - CVE-2018-15427 - Cisco Video Surveillance Manager
7. November - CVE-2018-15439 - Cisco Small Business Switches
In the majority of the cases above, the backdoor accounts were nothing more than debugging profiles that have been left inside Cisco software/firmware after factory testing or debugging operations.
Which does just reinforce again that p[ropriatary software is no more secure or insecure than good open source software. Because the code uis not seen also not mean that vunerabilities arer magically undisciovered.
|Cisco removed its seventh backdoor account this year, and that's a good thing | ZDNet
Seventh backdoor account discovered in Cisco Small Business Switches firmware.