Cisco Patches 'Prime Home' Flaw That Allowed Hackers To Reach Into People's Homes (helpnetsecurity.com) 19
Orome1 quotes a report from Help Net Security: Cisco has patched a critical authentication bypass vulnerability that could allow attackers to completely take over Cisco Prime Home installations, and through them mess with subscribers' home network and devices. The vulnerability (CVE-2017-3791), found internally by Cisco security testers, affects the platform's web-based GUI, and can be exploited by remote attackers to bypass authentication and execute any action in Cisco Prime Home with administrator privileges. No user interaction is needed for the exploit to work, and exploitation couldn't be simpler: an attacker just needs to send API commands via HTTP to a particular URL. The bug exists in versions 6.4 and later of Cisco Prime Home, but does not affect versions 5.2 and earlier. "Administrators can verify whether they are running an affected version by opening the Prime Home URL in their browser and checking the Version: line in the login window. If currently logged in, the version information can be viewed in the bottom left of the Prime Home GUI footer, next to the Cisco Prime Home text," Cisco instructed in the security advisory.
So much for Cisco being more secure... (Score:2)
So are they are more secure than the next guy? Not really, they have bugs too (not to mention they designed a lot of the really scary protocols running around the net that sacrifice security all the time).
I guess you can give them kudos for finding an issue then fixing it too... Just don't try to find the updated firmware for that old router you have w/o a service contract..
Re: (Score:2)
Cisco is quite a bit less secure than many competing companies, they have just been riding the name recognition for years.
Re: (Score:2)
I worked at cisco back in the early 90's when it was 3 buildings in menlo park. I later returned about 2 yrs ago for a short contract job.
the company change was night and day, of course (they now have over 25 buildings in san jose, alone). what I noticed is that they no longer have the 'best and brightest' but they are an h1b farm, pretty much.
do you want crappy code and bugs? cause this is how you get crappy code and bugs....
cisco is a has-been, for the most part. some smart people are still there, but
Re: (Score:2)
other companies make core routers, I'd strongly recommend looking at Juniper or see if Nokia, Ericsson, Extreme Networks, Huawei, ZTE products can fit your need
Based on hundreds of thousands of vulns, yes (Score:2)
> So are they are more secure than the next guy?
I manage a vulnerable assessment system. We have hundreds of thousands of distinct vulnerabilities in our database, which we look for on the hundreds of thousands of devices we scan every week. I've been working full time in network security for 18 years. Based on the data I have, yes Cisco is *more secure* than most. Especially if the administrator pays attention to security - Cisco provides many, many ways to make your network more secure.
>> No
Prime Home (Score:2)
I propose a new acronym (Score:3)
Intelligent Devices for the Internet Of Things, or in short IDIOT
Also applicable to anyone buying something from that product group.