42: The Answer To Life, The Universe, And How Many Cisco Products Have Struts Bugs

Borg starts appraising its exposure to Apache problem

More than 42 Cisco products might inherit the Apache Struts bug that emerged last week.

Last Tuesday, Semmle researchers revealed the bug, which lets an attacker send a crafted request to Struts’ REST API to inject malicious code.

Like many vendors, Cisco long ago adopted the open-source Apache software for its Web interfaces, and it has now gone to work identifying where the vulnerable Struts frameworks are in use.

To date, Switchzilla announced on Friday, it’s found 42 products across a wide swathe of its portfolio.

Products in its collaboration and network management ranges, the Identity Services Engine, a bunch of Cisco Prime software, voice and unified communication, video and telepresence, and hosted services are currently under investigation.

Because the bug allows remote attackers to execute code – in this case, on sensitive kit – Cisco has assigned the “critical” tag to its advisory (in line with Apache).

Cisco says the advisory will be updated if and when it identifies vulnerable products, posts patches, or develops workarounds. ®
