Cisco Issues Vulnerability Warning For Its Voice OS

Rengar

Jan 6, 2017
Issue could allow an unauthenticated, remote attacker to gain unauthorized access to affected devices.
Score one for the good guys: Cisco has caught its own security vulnerability and has already issued a patch to prevent hackers from exploiting a flaw in as many as twelve of its voice-activated OS products.

According to a statement from the company, “When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action.”





Root access state
To be clear, the original products themselves seem to be secured. It’s only when users download the update to their favorite Cisco products–a commonly advised step, considering the number of updates that are intended to fix security holes–that the vulnerability crops up, one that has been labeled as Critical by the developer. Hackers could potentially work their way into the now-unsecured software by entering while in its root access state.

Patch issued
The patch has already been issued, but this incident speaks to the higher need for consumers and tech users at every level to enact good cybersecurity practices. While the update itself seems to have opened the door to malicious activity, the follow-up patch remedies the situation; a casual user who doesn’t stay on top of their update activity could inadvertently expose the flaw then fail to close it by not monitoring their updates.

Some of the affected Cisco products include Cisco Prime License Manager, Cisco SocialMiner, Cisco Emergency Responder, and Cisco MediaSense.
 
