back to article Cisco emits 25 security bug fixes for IOS, takes second crack at patching WAN router SNAFUs

Just as Cisco is looking to close up more than two-dozen security flaws in networking boxes, researchers are claiming a set of previously-issued patches are failing to work properly. Bug-hunters with German testing group RedTeam Pentesting GmbH said today that two fixes included in a recent update for the RV320 Gigabit WAN …

  1. Anonymous Coward
    Anonymous Coward

    Bit of an understatement

    "Found to be incomplete" is a bit of an understatement.

    Ciscos "professional" (said very much in sarcasm) developers decided the best way to fix the problem was to drop HTTP requests if their User Agent field mentioned 'curl' (the library and cli utility).

    https://twitter.com/RedTeamPT/status/1110843396657238016

    They didn't seem to realise that's a user setting field. Trivially user settable (curl has the -A "I'm internet Eploder, really" option just for this).

  2. elip

    quality stuff

    Why are people still buying from Cisco?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020