Cisco released 25 security updates Wednesday, including a critical patch removing an undocumented password for “root” accounts of Cisco Policy Suite (sold to ISPs and large corporate clients). “The vulnerability received a rare severity score of 9.8 out of a maximum of 10 on the CVSSv3 scale,” reports Bleeping Computer.

An anonymous reader quotes Tom’s Hardware:

Over the past few months, not one, not two, but five different backdoors joined the list of security flaws in Cisco routers…. In March, a hardcoded account with the username “cisco” was revealed. The backdoor would have allowed attackers to access over 8.5 million Cisco routers and switches remotely. That same month, another hardcoded password was found for Cisco’s Prime Collaboration Provisioning software, which is used for remote installation of Cisco’s video and voice products. Later this May, Cisco found another undocumented backdoor account in Cisco’s Digital Network Architecture Center, used by enterprises for the provisioning of devices across a network. In June, yet another backdoor account was found in Cisco’s Wide Area Application Services, a software tool for Wide Area Network traffic optimization…
Whether or not the backdoor accounts were created in error, Cisco will need to put an end to them before this lack of care for security starts to affect its business.


Source: Slashdot