Cisco Ironport critical vulnerability

Started by icecream-guy, October 05, 2015, 07:17:53 AM

Previous topic - Next topic

icecream-guy

Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100210-ironport

:ivan:
:professorcat:

My Moral Fibers have been cut.

deanwebb

Once again, the networking pros make jokes about the oxymoron "Cisco security".
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Otanx

What I laugh at is the time line. This vulnerability was released back in 2010. At that time Cisco said here is a work around, but never released a patch. End of Sale is two years later in 2012. Still no patch. For whatever random reason they update the work around section in 2014. End of Support/Life is July of 2015. No patch ever released. Another security researcher finds a new way to exploit this vulnerability after End of Support. Cisco updates the document to mention that no really you should implement the work-around described below.

-Otanx

icecream-guy

I didn't even catch that 2010 date.  oops.
:professorcat:

My Moral Fibers have been cut.