As we covered in an earlier post, there appears to be a security issue with Cisco Works.
Now, more information has emerged about what appears to be a back door that allows anyone who can telnet to a port on the Cisco Works box to execute OS commands with high levels of privilege. Essentially turning the Cisco configuration and monitoring tool into a pretty powerful weapon for an attacker.
No word yet on how this back door got into the code, what steps have been taken to make sure this doesn’t happen again or anything else beyond the “ooops and here is a patch” statement. Cisco is hopefully increasing their code management, security testing and QA processes to check for this and other forms of application security before they release code to the public.
Once again, Cisco has shown, in my opinion, a serious lack of attention to detail in security. Given their mission-critical role in many enterprise networks and the global Internet, we should and do expect more from them than from an average software developer. Please, Cisco, invest in code testing and application security cycles in the SDLC before something really bad happens to a whole bunch of us…