back to article What do you not want right now? A bunch of Cisco SD-WAN, Webex vulnerabilities? Here are a bunch of them

Cisco has issued a series of security updates for its SD-WAN and Webex software, just when they're most needed. Switchzilla says the SD-WAN code is host to five vulnerabilities ranging from privilege escalation to remote code injection. The five CVE-listed bugs (CVE-2020-3264, CVE-2020-3265, CVE-2020-3266, CVE-2019-16010, CVE- …

  1. Pascal Monett Silver badge
    Flame

    "at least one being a buffer overflow"

    Really ? A buffer overflow ? In 2020 ?

    Dear God that should be a hanging offense by now.

    1. HildyJ Silver badge
      Devil

      Re: "at least one being a buffer overflow"

      Hanging is not poetic enough. Sentence the CEO, CIO, CFO, heck, anyone whose title begins with a C, to spend 30 days in a locked portable toilet with a diet of beans and sausage. That'll teach them about buffer overflow.

      1. katrinab Silver badge
        Trollface

        Re: "at least one being a buffer overflow"

        With a sign saying "free toilet paper" on the door

    2. Anonymous Coward
      Anonymous Coward

      Re: "at least one being a buffer overflow"

      Care to submit some code to see if we need to plan your execution?

      And no...using others libraries won't cause us to be lenient...

    3. Richard 12 Silver badge
      Unhappy

      Re: "at least one being a buffer overflow"

      Within the last few months I and another reviewer asked an open-source project lead to reject a PR because its API alone had a buffer overflow vulnerability - it didn't even pass the size of the buffer at all, let alone check the data fit...

      The author of the PR then spent the next few weeks denying there could be a problem, and calling us trolls.

      They even said that the test case was "not a valid file" and so they wouldn't fix it.

      I don't know if that particular idiot works in the industry, but if they do it's pretty obvious that their professional projects will be worse...

  2. Anonymous Coward
    Anonymous Coward

    Another week, another bag of cisco vulnerabilities. Of course other gear has problems too, but at least their users aren't running cisco stuff.

    1. Anonymous Coward
      Anonymous Coward

      The difference is Cisco finds vulnerabilities, patches them and reports them.

      Yes, some are severe - most of the infrastructure vulnerabilities are very specific issues and have workarounds (i.e. ACL's using existing features of the product) available.

      For WebEx, yes it is high profile but is it part of the core product or an add-on utility where equivlent products from other vendors have similar issues? How often have you used offline players with other products or do the not have that functionality?

      1. Anonymous Coward
        Anonymous Coward

        So an outfit like Juniper doesn't report any vulnerabilities? Oh wait, they do.

        But still, cisco has a bit of a microsoft-esque flavour: Shitty.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020