Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 2 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News Cisco Inadvertently Leaked In-House Dirty COW Exploit Code In Its Software
[Image: CiscoLogo-Case-Study-Icon_380x320.jpg]

   CISCO, a popular vendor for computer network equipment, had a good start to the week when they accidentally leaked a Dirty COW exploit code during several security advisories. CISCO confirmed this, stating that it was an internal "Quality Assurance" or QA failure that resulted in the release of the exploit code. 

 CISCO had this to say in their advisory: 

 “A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco in validation scripts to be included in shipping software images. This includes an exploit for the Dirty CoW vulnerability (CVE-2016-5195).”

 They also stated the issue affected CISCO Expressway Series and CISCO TelePresence Video Communication Software, the versions in question are image versions X8.9 through X8.11.3. 

  The exploit itself, designated CVE-2016-5195, was a privilege escalation flaw mainly affecting Linux Kernel features, but then in 2017, it was discovered that it was affecting Androids as well. 

  With this said, CISCO did confirm that this does not pose any type of security threat. 

  That was the news folks, have a good week and stay safe out there.

01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011

Possibly Related Threads…
Thread Author Replies Views Last Post
Star News WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug News 0 400 11-07-2020, 04:13 PM
Last Post: News
Star News Google Project Zero Discloses Nasty Windows 0-Day Security Exploit Already In The Wi News 0 401 11-01-2020, 06:12 AM
Last Post: News
Star News Joplin 1.0.245 Cross Site Scripting / Code Execution ≈ Packet Storm News 0 340 09-29-2020, 07:43 AM
Last Post: News
Star News Homeland Security Issues Urgent Windows Security Warning Over Zerologon Exploit News 0 427 09-21-2020, 09:26 AM
Last Post: News
Star News Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution - CXSecu News 0 435 09-18-2020, 08:12 AM
Last Post: News
Star News ManageEngine Applications Manager Authenticated Remote Code Execution - CXSecurity.c News 0 400 09-06-2020, 01:51 PM
Last Post: News
Thumbs Up News Citrix Bugs Allow Unauthenticated Code Injection, Data Theft Mr.Kurd 1 736 07-15-2020, 12:28 AM
Last Post: EthelCrife
Exclamation News Windows SMB Protocol Bug Let Hackers Leak Kernel Memory & Execute a Code Remotely Mr.Kurd 0 718 06-12-2020, 08:24 AM
Last Post: Mr.Kurd
Question News Critical Remote Code Execution Bug in Linux Based OpenWrt OS Affects Millions of Netw Mr.Kurd 0 707 03-25-2020, 08:11 AM
Last Post: Mr.Kurd
Star News Trend Micro Patched Zero-Day Vulnerabilities Under Active Exploit Mr.Kurd 0 626 03-23-2020, 07:54 AM
Last Post: Mr.Kurd

Users browsing this thread: 1 Guest(s)