Red Security
News Cisco Inadvertently Leaked In-House Dirty COW Exploit Code In Its Software




Cisco Inadvertently Leaked In-House Dirty COW Exploit Code In Its Software - Mad-Architect - 11-12-2018


CISCO, a popular vendor for computer network equipment, had a good start to the week when they accidentally leaked Dirty COW exploit code during several security advisories. CISCO confirmed this, stating that it was an internal "Quality Assurance" or QA failure that resulted in the release of the exploit code.

 CISCO had this to say in their advisory: 


 “A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco in validation scripts to be included in shipping software images. This includes an exploit for the Dirty CoW vulnerability (CVE-2016-5195).”


They also stated the issue affected CISCO Expressway Series and CISCO TelePresence Video Communication Software; the versions in question are image versions X8.9 through X8.11.3.

The exploit itself, designated CVE-2016-5195, was a privilege escalation flaw mainly affecting Linux kernel features, but then in 2017 it was discovered that it was affecting Androids as well.


  With this said, CISCO did confirm that this does not pose any type of security threat. 



That was the news, folks. Have a good week and stay safe out there.




  ----Mad-Architect(RS)