InfoSec News & Investigations

Cisco faces criticism after a hacker finds 120+ bugs in its product


A triad of severe vulnerabilities in Cisco DCNM (Data Center Network Manager) stock allows hackers to remotely sidestep the verification and invade into companies’ servers, the reason being a few safety failures that include hard-coded creds.

The 3 vulnerabilities were in the huge 120 vulnerabilities list in the stock discovered by the hacker Steven Seeley, who currently works for Source Incite. It was Steven who informed the company about the issue through a glitch hunt program called Zero Day Initiative, by Trend Micro. 

In an interview with Computer Business Review, he Australian cybersecurity specialist/hacker said that “the group of 3 vulnerabilities are the most dangerous among the 120 vulnerabilities, and if the hackers get a hand of it, they can exploit it using execution as root through remote code. It is as simple as that.”

Simon further says that by exploiting these vulnerabilities, the hacker could easily gain access to almost anything like personal information, credentials, and passwords.
“I was rejected by the company Cisco after 8 interviews,” said Simon on Twitter.

In response to the situation, Cisco has urged its users to update their systems and software, as to stay safe from the bugs. Earlier this week the company said, “we have repaired the vulnerabilities in and users are requested to immediately update the software.”

Unfortunately, the readers of Computer Business Review are well aware that not all the products were built to be the same when it comes to patch management, the issue being that most of the critical bugs are neglected by the company.

In a conversation with Computer Business Review, Simon said that he will release the source codes this coming week. He mentioned that the vulnerabilities were very minor to exploit, but it did consume mind-boggling research to find the bugs in the starting phase. “The research consumed a whole month along with reviewing the code origin and debugging the run-time.”

Cisco says the trio of the vulnerabilities is not dependent on each other. A single vulnerability itself is capable of the exploit, let alone the trio. Cisco has released the latest security patch on its website. The users who have still not updated it can install it from the ‘download center’ on the website.
Original Source