back to article Cisco's telco-grade uber-routers can make almost anyone root

Oops: Cisco has announced a privilege escalation bug in its Aggregation Service Router 1000 Series. There's a lot of cases where local privilege escalation isn't such a big deal, but it's moderately-serious when it means a low-privilege sysadmin can get root access to a unit that has 100 Gbps-plus configurations in carrier and …

  1. Tom Samplonius

    Except that the Cisco ASR1000 series are hardly "uber routers". I think the largest ASR 1000 can do 200Gbps, but the most common 1000s are 1 to 5Gbps. They are often used as CPE routers by telcos for enterprise services. Or as Internet edge routers by larger businesses.

    And the reality is, that privilege escalation is not a big deal, on such routers, because the staff that have any sort of CLI access and those who have full privileges are usually the same. Companies with untrusted help desk staff may be an issue, but such staff are rarely given any sort of login.

    1. -v(o.o)v-

      Not really - even the 1001 can do minimum 2.5 Gbps to max 5 Gbps and the 1001-X up to 20 Gbps. The largest model does 400+.

  2. glen waverley
    Pint

    ... can make almost anyone root

    So one of these could liven up the office Xmas party?

    (Given the usual meaning of "root" to an Aussie!)

    Icon cos beer might still be cheaper.

  3. DavidRa
    WTF?

    Root requires a LICENSE?!

    Is it just me or is the more surprising story here that getting root (is this just full administration rights?) access "legally" to these routers, as the device owner, also requires payment of a license!?

    1. phuzz Silver badge
      Gimp

      Re: Root requires a LICENSE?!

      Surprising if you've not worked with Cisco kit before, but gimping software features until you pay up is depressingly common.

      You can't even download updated firmware (or even bug fixes) from Cisco without a valid support contract.

      1. DavidRa

        Re: Root requires a LICENSE?!

        Oh, no I've worked with Cisco kit before - just not anything that requires a separate license to enter the "enable" command (and presumably to create a user with privilege level 15 or its equivalent).

      2. -v(o.o)v-

        Re: Root requires a LICENSE?!

        There is no enforcement, the licensing is "honour based".

        Also, Cisco must provide security updates for everyone.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019