
posted by martyb on Friday March 09 2018, @08:46PM
from the Cisco-Phencyclidine? dept.

Cisco released 22 security advisories yesterday, including two alerts for critical fixes, one of them for a hardcoded password that can give attackers full control over a vulnerable system.

The hardcoded password issue affects Cisco's Prime Collaboration Provisioning (PCP), a software application that can be used for the remote installation and maintenance of other Cisco voice and video products. Cisco PCP is often installed on Linux servers.

Cisco says that an attacker could exploit this vulnerability (CVE-2018-0141) by connecting to the affected system via Secure Shell (SSH) using the hardcoded password.

The flaw can be exploited only by local attackers, and it grants access only to a low-privileged user account. In spite of this, Cisco has classified the issue as "critical."

Although this vulnerability has a Common Vulnerability Scoring System (CVSS) Base score of 5.9, which is normally assigned a Security Impact Rating (SIR) of Medium, there are extenuating circumstances that allow an attacker to elevate privileges to root. For these reasons, the SIR has been set to Critical.

The reason is that an attacker can compromise another device on the same network and use it as a proxy for the SSH connection to the vulnerable Cisco PCP instance, which turns a nominally local flaw into one exploitable remotely over the Internet.

Source: https://www.bleepingcomputer.com/news/security/hardcoded-password-found-in-cisco-software/
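The advisory's attack path, SSH with a fixed password and possibly a pivot through another internal host, is something a defender can watch for in the PCP host's sshd log. The following is an added example, not code from the article, from BleepingComputer or from Cisco: it parses standard OpenSSH "Accepted" lines and flags logins to a watched account or password logins from outside an admin network. The account name behind CVE-2018-0141 is not given in the article, so `WATCHED_ACCOUNTS` holds a placeholder, `ADMIN_NETS` is an assumed allow-list, and the log lines are constructed.

```python
"""Added example (not from the article or from Cisco): flag SSH logins to a
Cisco PCP host that match the attack path described in the advisory summary.

Assumptions: OpenSSH log format, an assumed admin network allow-list, and a
placeholder account name (the real account is not named in the article)."""
import ipaddress
import re

# Assumption: only these source networks are expected to open SSH sessions to PCP.
ADMIN_NETS = [ipaddress.ip_network("10.0.50.0/24")]

# Placeholder: replace with the account named in Cisco's advisory for CVE-2018-0141.
WATCHED_ACCOUNTS = {"pcp-placeholder-account"}

# Standard OpenSSH line: "sshd[PID]: Accepted <method> for <user> from <ip> port <port> ssh2"
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_accepted(line):
    """Return a dict for a successful-login line, or None for anything else."""
    m = ACCEPTED_RE.search(line)
    if not m:
        return None
    return {
        "method": m.group("method"),
        "user": m.group("user"),
        "ip": m.group("ip"),
        "port": int(m.group("port")),
    }


def is_allowed_source(ip):
    """True if the source address falls inside one of the admin networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or garbage instead of an address
        return False
    return any(addr in net for net in ADMIN_NETS)


def find_suspicious_logins(lines):
    """Return (user, ip, reasons) for each accepted login worth an analyst's look."""
    findings = []
    for line in lines:
        ev = parse_accepted(line)
        if ev is None:
            continue
        reasons = []
        if ev["user"] in WATCHED_ACCOUNTS:
            reasons.append("login to watched account")
        # A password login from a non-admin host matches the "proxy through another
        # device on the same network" scenario in the advisory.
        if ev["method"] == "password" and not is_allowed_source(ev["ip"]):
            reasons.append("password auth from outside admin networks")
        if reasons:
            findings.append((ev["user"], ev["ip"], reasons))
    return findings


# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    "Mar  9 20:46:01 pcp01 sshd[2101]: Accepted publickey for admin from 10.0.50.12 port 51012 ssh2",
    "Mar  9 20:47:13 pcp01 sshd[2144]: Accepted password for pcp-placeholder-account from 10.0.7.23 port 40422 ssh2",
    "Mar  9 20:48:00 pcp01 sshd[2160]: Failed password for root from 10.0.7.23 port 40430 ssh2",
    "Mar  9 20:49:30 pcp01 sshd[2171]: Accepted password for admin from 10.0.50.12 port 51100 ssh2",
]

if __name__ == "__main__":
    for user, ip, reasons in find_suspicious_logins(SAMPLE_LOG):
        print(f"{user} from {ip}: {', '.join(reasons)}")
```

Run against the constructed sample, only the second line is reported: it is both a login to the watched account and a password login from a host outside the admin network. The key-based admin login and the password login from an admin host pass, and the failed attempt is ignored because the parser only looks at accepted sessions.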

  • (Score: 4, Insightful) by bob_super on Friday March 09 2018, @10:12PM (4 children)

    by bob_super (1357) on Friday March 09 2018, @10:12PM (#650260)

    Or maybe you could take a minute to consider that this nutty marketing buzzword soup is targeted at CIOs of companies with networks of hundreds to tens of thousands of machines, most of which are probably administered very remotely.
  • (Score: 1) by cocaine overdose on Friday March 09 2018, @10:17PM (1 child)

    I considered that and I addressed it. And I will repeat myself: "it's better in every way not to use enterprise solutions -- if you're not skimping on quality."

    • (Score: 4, Funny) by frojack on Friday March 09 2018, @10:38PM

      by frojack (1554) on Friday March 09 2018, @10:38PM (#650277) Journal

      if you're not skimping on quality

      Of course they are skimping on quality.

      When was the last time you priced out replacing 20,000 Windows XP machines?
      How else are you going to do network management on your far flung campuses so that your (salesmen, accountants, paper pushers) can get something done instead of installing yet another patch tuesday upgrade?

      You are delusional if you think all these people are running high end machines. You are crazy if you let them choose the software they run.

      You get a contract from low-bidder computer supplier, you get a site license from Microsoft, you burn images to hard drives on bare bones machine. They need a Browser, Office Suite and Outlook and nothing else.
      Next month, another 20,000 machines.

      You don't need, and can't afford no sinkin quality. Come around here with that mentality and they will send you packin.

      --
      No, you are mistaken. I've always had this sig.
  • (Score: 4, Insightful) by insanumingenium on Friday March 09 2018, @10:32PM

    by insanumingenium (4824) on Friday March 09 2018, @10:32PM (#650274) Journal

    You forgot that those CIOs probably have no idea how the actual administration happens, but are tasked with making it "more agile" or some other BS idea.

  • (Score: 2) by LoRdTAW on Saturday March 10 2018, @01:30AM

    by LoRdTAW (3755) on Saturday March 10 2018, @01:30AM (#650328) Journal

    Did you happen to see his name? Says it all.