| Thread Tools |
5th May 2019, 03:48 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 148,670
| Cisco backdoor patched. Huawei the lads! Sorry, China - not you. It is Cisco US Cisco networking giant Cisco patched a security vulnerability in some of its network switches that could take over IT equipment and spy on people. The announcement comes after the US press dredged up a similar vulnerability found in Huawei gear from years ago - which was also fixed - as part of American pressure against the Chinese networking giant. For those who came in late, the US government claims that Huawei is a tool of the Chinese government to spy on the West. Huawei has always denied it and the US has never released any proof. So if the recent ancient accusation against Huawei is enough to kick the outfit out of western networks, this flaw from Cisco must be enough to prove that the US government is using the outfit to spy on the East. It is bollocks of course, all gear has security flaws regardless of the flag it flies. US tech giant Cisco has issued a free fix for software running on its Nexus 9000 series machines that can be exploited to log in as root and hijack the device for further mischief and eavesdropping. A miscreant just needs to be able to reach the vulnerable box via IPv6. It's due to a default SSH key pair hardcoded into the software. Cisco said that the vulnerability was found in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. It was discovered and reported by Oliver Matula of ERNW Enno Rey Netzwerke in cooperation with ERNW Research and was released as one of 40 security patches Cisco released. https://fudzilla.com/news/network/48...etworking-gear |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
SAP “patched” bug still has holes | Stefan Mileschin | WebNews | 0 | 13th May 2016 08:20 |
UK lads mags FHM and Zoo to disappear from shelves | Stefan Mileschin | WebNews | 0 | 17th November 2015 16:38 |
Malicious Cisco router backdoor found on 79 more devices, 25 in the US | jmke | WebNews | 0 | 17th September 2015 13:56 |
Grand Theft Auto V Patched | Stefan Mileschin | WebNews | 0 | 23rd April 2015 13:12 |
New Microsoft IE zero-day won't be patched on XP | Stefan Mileschin | WebNews | 0 | 29th April 2014 07:04 |
Call of Duty: Ghosts PC Patched | Stefan Mileschin | WebNews | 0 | 28th November 2013 07:07 |
Crysis 3 Patched Again | Stefan Mileschin | WebNews | 0 | 11th March 2013 06:49 |
Cisco appears desperately frustrated by Huawei | Stefan Mileschin | WebNews | 0 | 6th June 2012 07:03 |
Huawei gunning for the Cisco kid | Stefan Mileschin | WebNews | 0 | 14th May 2012 09:14 |
Cmon lads !! We need you and joe and joe | leeghoofd | Hardware Overclocking and Case Modding | 418 | 24th December 2009 23:04 |
Thread Tools | |
| |