Cisco’s issued 16 patches, the silliest of which is CVE-2018-0222 because it’s a hard-coded password in Switchzilla’s Digital Network Architecture (DNA) Center.
“The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software,” Cisco’s admitted.
As you’d expect, “An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges.”
Oh great.
Cisco’s been here before, with its Aironet software. And who could forget the time Cisco set the wrong default password on UCS servers? Such good times.
The company’s also reported a critical vulnerability in the way the same product runs Kubernetes and a nasty flaw in its network function virtualization infrastructure.
Source: Seriously, Cisco? Another hard-coded password? Sheesh • The Register
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft