Re: Real point here
Cisco has processes in place to reduce these vulnerabilities.
And one of those process is to believe that no one else is smarter than Cisco, hence, they blacklisted the curl useragent. Who actually approved this "fix"? (Maybe I should ask the question: Did SOMEONE approve this fix?)
No, Cisco has dropped the ball. Again. The "quality" of their code, an example is IOS-XE, makes me want to hang my head in shame. There are tons of bugs that should've been picked up during "internal testing" but it's not.
Cisco is cutting a lot of corners. And it is starting to show.
(Oh well, as long as the shareholders and happy.)