Security Alerts & News
by Tymoteusz A. Góral

History
#2125 A simple command allows the CIA to commandeer 318 models of Cisco switches
Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.

Cisco researchers said they discovered the vulnerability as they analyzed a cache of documents that are believed to have been stolen from the CIA and published by WikiLeaks two weeks ago. The flaw, found in at least 318 switches, allows remote attackers to execute code that runs with elevated privileges, Cisco warned in an advisory published Friday. The bug resides in the Cisco Cluster Management Protocol (CMP), which uses the telnet protocol to deliver signals and commands on internal networks. It stems from a failure to restrict telnet options to local communications and the incorrect processing of malformed CMP-only telnet options.
Read more
#2129 New technology combines lip motion and passwords to authenticate users
#2128 Old Linux kernel security bug bites
#2127 Firefox gets complaint for labeling unencrypted login page insecure
#2126 Numbers show Locky ransomware is slowly fading away
#2125 A simple command allows the CIA to commandeer 318 models of Cisco switches
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12