Bi-annual Cisco Announcements

Started by icecream-guy, March 28, 2018, 11:37:26 AM

Previous topic - Next topic

icecream-guy

Happy Cisco vulnerability day.

som 38 or so announcements.

Highlights

Anything running Cisco IOS XE 16.x
Anything still running smart Install if you haven't already turned it off.
The Adaptive QoS for Dynamic Multipoint VPN (DMVPN) feature of Cisco IOS Software and Cisco IOS XE

these are all critical
:professorcat:

My Moral Fibers have been cut.

Otanx

I had to go through all of those yesterday. You could tell how frustrated I was getting with each email to the cyber team. They started off as "We have no devices affected" then it moved to "Stupid bug we don't care about." Finally, I got to the default credential issue, and that email read something like. "Cisco Sucks. 2018 and default credential vulnerability? Really? Because the bug report lacks details I can't be sure we are not vulnerable so ... <insert bunch of details on how to make sure we were OK> ... Not like I didn't have anything better to do with my day. In closing Cisco Sucks."

-Otanx





deanwebb

What you don't patch today, gets exploited later today...
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.