16 new Cisco advisories

Started by icecream-guy, September 29, 2016, 07:30:04 AM


icecream-guy

My apologies if you run Prime, WaaS, or ISE!

23 new vulnerabilities announced yesterday.
:professorcat:

My Moral Fibers have been cut.

deanwebb

Are these all the same vulnerability on each platform, or are we dealing with more diversity in how things go boom on Cisco this week?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

Quote from: deanwebb on June 22, 2017, 10:15:49 AM
Are these all the same vulnerability on each platform, or are we dealing with more diversity in how things go boom on Cisco this week?

Based on CVEs, different platforms covered under each advisory.

deanwebb

Reading the list, looks like a bunch of XSS vulnerabilities.

AGAIN.

:facepalm2:

icecream-guy

'Nother big announcement yesterday: 3 crit, 4 high, rest medium.
Yer kinda screwed if you are running Cisco Ultra Services Framework (for mobile network operators).

deanwebb

What gets me about Cisco is that so very many of their vulnerabilities are from a lack of code hardening on features that they don't use anyway or that have been known issues for ages (like XSS) and they simply didn't bother until recently to patch this thing or that.

icecream-guy

Quote from: deanwebb on July 06, 2017, 10:56:01 AM
What gets me about Cisco is that so very many of their vulnerabilities are from a lack of code hardening on features that they don't use anyway or that have been known issues for ages (like XSS) and they simply didn't bother until recently to patch this thing or that.

Back in the old days, it wasn't a vulnerability if no one knew about it. Keep it on the hush hush and you are free and clear. These days with so many researchers, companies disclosing vulnerabilities, and rewarding people who do find them, companies are walking a thin line, especially public ones that have to answer to stockholders.

LynK

Where do you guys get these advisories?
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"

deanwebb

Quote from: LynK on July 10, 2017, 01:57:24 PM
where you guys get these advisories?


https://tools.cisco.com/security/center/publicationListing.x is a good place to start. It's nice and filterable, in a Cisco-y kind of way.

icecream-guy

Quote from: deanwebb on July 10, 2017, 02:33:52 PM
Quote from: LynK on July 10, 2017, 01:57:24 PM
where you guys get these advisories?


https://tools.cisco.com/security/center/publicationListing.x is a good place to start. It's nice and filterable, in a Cisco-y kind of way.

There is also an RSS feed here, if you are too lazy to click on a bookmark.

https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml



deanwebb

Gives me an idea... I can add vendor feeds to the forums here...

Sound like a good idea?

icecream-guy

Quote from: deanwebb on July 11, 2017, 08:42:44 AM
Gives me an idea... I can add vendor feeds to the forums here...

Sound like a good idea?

Only if they pay.

icecream-guy

15 more announced yesterday, nothing critical.

Dieselboy

So that means they've found them all now, right? :mrgreen:

Software deployment strategy: get it out to market as fast as you can. QA it later.

If you guys have Cisco Spark, I can configure an RSS feed to post updates to a space and we all get it. Emails are so last year :)