Sigh. Cisco security kit has Java deserialisation bug and a default password SNAFU

www.theregister.co.uk | 3/7/2018 | Staff
TimHyuga (Posted by) Level 3
Click For Photo: https://regmedia.co.uk/2016/05/05/shutterstock_shocked_baby.jpg?x=1200&y=794

Switchzilla's security developers have served up a parcel of patches.

First up, there's a gem in the company's Secure Access Control System. The ACS (which ceased sale in August 2017) is a hardware-based login gatekeeper, and it's got a remotely-pwnable Java deserialisation bug.

Cisco - Notice - CVE-2018-0147 - Attacker - Bug

Cisco's notice for CVE-2018-0147 says an attacker could exploit the bug with a crafted Java object, and gain root privilege.

The bug affects all units running software up to version 5.8 patch 9, and fortunately while no longer sold, the Secure...
(Excerpt) Read more at: www.theregister.co.uk
Wake Up To Breaking News!
Never argue with an idiot, the spectators may not be able to differentiate between you.
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!