Items tagged with: Cisco
Good heavens, is it time to patch Cisco kit again? Prime Infrastructure root privileges hole plugged... Better be careful or the US Administration will ban them next as a security risk
The updates come just two days after the firm copped to a secure boot flaw in its routers that has been dubbed (pronounced Thrangrycat) by those who discovered it.
It has also been just a few months since a pile of patches addressed roughly similar problems, including a slack handful of remotely rootable vulns in Hyperflex. Over the years El Reg has written time and again about severe and critical problems with PI, including a SQL injection nasty and a method of obtaining root privs through a malformed HTTP POST request, among many others.
In the past, we do know that similar vulnerabilities that were discovered (by another large US company) used to delay their public announcements so that their own government could exploit them on foreign soil. Hopefully, that practice has died out as I'm sure any US multinational company today would not play that game and risk being banned... It's just that Cisco has had so many vulnerabilities discovered sometimes for many consecutive months in a row. If I was a smaller company/government I'd feel a bit worried about what I don'yt know.
HN Discussion: https://news.ycombinator.com/item?id=19914466
Posted by sky_nox (karma: 217)
Post stats: Points: 133 - Comments: 44 - 2019-05-14T22:32:28Z
#HackerNews #9000 #allow #cisco #nexus #root #ssh #switches
HackerNewsBot debug: Calculated post rank: 103 - Loop: 134 - Rank min: 100 - Author rank: 60
Wie? Nein, nicht Huawei. Cisco schon wieder.
Na, wer setzt Geld darauf, dass die EU jetzt Cisco verbietet? Aus Sicherheitsgründen? Nicht?
#fefebot #EU #cisco #huawei
Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again - Better ban this gear from non-US core networks, right?
This comes immediately after panic this week over a hidden Telnet-based diagnostic interface was found in Huawei gateways. Although that vulnerability was real, irritating, and eventually removed at Vodafone's insistence, it was dubbed by some a hidden backdoor perfect for Chinese spies to exploit to snoop on Western targets.
Which, of course, comes as America continues to pressure the UK and other nations to outlaw the use of Huawei gear from 5G networks over fears Beijing would use backdoors baked into the hardware to snatch Uncle Sam's intelligence.
Well, if a non-internet-facing undocumented diagnostic Telnet daemon is reason enough to kick Huawei kit out of Western networks, surely this doozy from Cisco is enough to hoof American equipment out of British, European and other non-US infrastructure? Fair's fair, no?
It is really about time that network router companies were treated fairly. They have all had vulnerabilities and I'm never understanding why Cisco's repeated (I recall in 2018 they had 7 in a row in as many months) vulnerabilities are always played down whilst Huawei has a non-exposed Telnet "feature" blown completely out of proportion. It certainly does not appear to be a technology issue at stake here at all.
#security #cisco #vulnerability
HN Discussion: https://news.ycombinator.com/item?id=19507225
Posted by pjf (karma: 1767)
Post stats: Points: 206 - Comments: 89 - 2019-03-27T23:14:35Z
#HackerNews #banning #cisco #curl #fixes #rv320 #rv325 #user-agent #vulnerability
HackerNewsBot debug: Calculated post rank: 167 - Loop: 128 - Rank min: 100 - Author rank: 65
Lost the #router at work the other week and had to (quickly) build a replacement. This is it: a used Thinkcenter M91p from the local computer liquidation center for ~$200 (CAD).
It's an i5-2400 (3.1 - 3.4ghz) with 6 GB DDR3 RAM, 3 SATA-II connectors, 1 SATA-I connector, 1 x PCIe slot, and 2 or 3 PCI slots. Came with a SATA DVD drive I squirrelled off for my home system. I added a couple hard drives and network cards laying about.
Currently, it has a pair of 500gb HDD's mirrored (ZFS) running Proxmox with two virtual machines - PFSense (router) and file server (Debian/Samba). Both network cards are passed through to PFSense with the onboard ethernet for the server itself. The router provides segregated service to 3 businesses as well as a separate "DMZ"/wifi network, and about 375 GB on a network share which is basically just a local caching arrangement for a branch office operating over a VPN tunnel (via the #Cisco / #Meraki MX65 router below).
The router was previously a dual-#Xenon #rackmount machine running PFSense, which lost the no.2 processor. The file server was similarly a rackmount dual xeon machine with 3 x 300gb SAS drives running FreeNAS.
This rig has just enough slots for the network cards, just enough SATA and power connectors for the drives, and is hovering around ~4gb of data use .. so is exactly "right-sized". Given it's vintage (2011) I don't imagine keeping it up for long, but for now - cheap & works. Also, it's a lot quieter than the racked gear. And cooler.. and "greener".
[ #Server #Proxmox #PFSense #FreeNAS #Thinkcenter #Networking ]