Articles about Cisco

Cisco splats Nexus, APIC, and security manager bugs

Grab the Cisco-branded fly-swatter, it's time for your weekly bug-splat. Top of the list are four high-severity bugs, in Nexus 9000 switches, security managers, and application policy controllers. The Nexus 9000 ACI Mode Switch has an issue in its ICMP implementation, remotely exploitable to cause a denial-of-service. An …

Cisco starts 2016 with a spring in its step, pours cash into Springpath

Cisco sources tell us the company has invested in hyper-converged infrastructure software startup Springpath and is preparing an OEM deal. It is now in a position to acquire Springpath if it wishes to do so. There were rumours and speculation, as reported on The Register, that something was happening between Springpath and …
Chris Mellor, 05 Jan 2016

International Trade Commission pens patent love letter to Cisco

The International Trade Commission has handed Cisco another gun to fire at antagonist Arista, finding that the latter violated three Cisco software patents. The patents in question cover router management (US 7,162,537), and private VLANs (US 6,741,592 and 7,200,145). Since Cisco reckons Arista's in violation of twelve …

Arista slaps Cisco with countersuit in network hardware row

Arista Networks has countersued Cisco, accusing the network giant of unfair competition practices. On Monday, Arista submitted paperwork with the US Northern California District Court alleging that Cisco unfairly stifles competition by wielding copyright claims against rivals and coercing customers to only use Cisco hardware …
Shaun Nichols, 26 Jan 2016

Cisco borgs IoT outfit Jasper Tech for US$1.4 billion

Internet of Things service platform outfit Jasper Technologies has fallen into the maw of Cisco for US$1.4 billion. Twelve-year-old Jasper started life as a machine-to-machine wireless comms specialist (Jasper Wireless) before changing its name in 2014. According to Cisco's blog post about the acquisition, Jasper has 3,500- …

Cisco security kit wide-open to IKE bug

Patch it now and don't wait: Cisco has announced that a bunch of its Adaptive Security Appliance (ASA) products are vulnerable to a remote code execution bug. The problem is in how the ASA products reassemble fragmented Internet Key Exchange (IKE) payloads. Cisco's implementation of the fragmentation protocol has a bounds- …

Cisco swallows security firm Lancope for $452m

Cisco has announced its intention to acquire netsec firm Lancope for more than $452m in cash. The company aims to supplement its security offerings with those of Lancope's StealthWatch suite, which protects networks with live monitoring and behaviour analytics of network data flows. Cisco is doubling down on its netsec …

Cisco slings speedier SAN switches

Cisco's taken the whip to the FibreChannel horse, shipping a bunch of kit ready for the next iteration of the venerable storage area network (SAN) standard. In the kind of cutesy marketing-speak that makes people want to set fire to blog posts, The Borg reckons its 32G-ready, 768-16G-port MDS 9718 Director is called “the beast …

Cisco recalls switches that could short power to the case. And hurt you

Cisco is recalling a bunch of industrial Ethernet switches because it discovered the power source wiring could potentially short to the case. The IE 5000 is the company's series of ruggedised Ethernet switches, and the recall affects both versions in the series, the IE-5000-12S12P-10G (1Gbps / 10Gbps, 28 ports) and the IE-5000- …

Patch Cisco ASA ASAP: DNS, DHCPv6, UDP packets will crash them

Cisco has issued a firmware update to address four security flaws in its Adaptive Security Appliance (ASA) that open up the gear to denial-of-service attacks. By exploiting these bugs, six models in the ASA family can be forced to repeatedly reset, rendering the hardware useless. Vulnerable products include the Cisco ASA …
Shaun Nichols, 23 Oct 2015

Cisco forgets to ship management software with security appliances

Cisco has 'fessed up to forgetting the software needed to manage its Adaptive Security Appliances. “Some … security appliances were shipped without the Adaptive Security Device Manager (ASDM) on-box management software,” Cisco says in a field notice. And it forgot for quite a while: product shipped between February to October …
Simon Sharwood, 10 Feb 2016

Cisco forgot to install two LEDs in routers

Cisco has forgotten to install all the light emitting diodes (LEDs) in some routers. The Register understands that the LTE-enabled C800 integrated service routers, models C896, C897, and C898, lack LEDs that indicate traffic is passing over the WAN. Cisco has 'fessed up to the mess in a field notice that says "... two LEDs and …
Darren Pauli, 15 Dec 2015

Cisco starts spewing vuln info everywhere, in a good way

Security folk will be able to suck down Cisco vulnerabilities notices in more ways than ever thanks to a new application programming interface launched today. The Cisco security team's (PSIRT) openvuln plug is a RESTful API supporting standards like Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and …
Darren Pauli, 15 Dec 2015

Cisco patches borked web box proxy hole

Cisco has patched a vulnerability in its Web Security Appliance that allows unauthenticated remote attackers to bypass security controls. The bug (CVE-2016-1296) allows attackers to use proxies when such traffic should be restricted. Affected users of versions 8.5.3-055, 9.1.0-000, and 9.5.0-235 should apply the released fix …
Team Register, 20 Jan 2016

Cisco's purple princesses gush workplace joy

The faceless drones among you whose workplace misery is compounded by the need to adhere to a strict dress code are invited to gaze with envy upon this blog post revealing that Cisco is - in contrast to its reputation as "a boring, stodgy company" - actually a hotbed of individuality, personal freedom and radical hair colour. …
Lester Haines, 05 Feb 2016

Cisco admins gear up for a late night – hardcoded password in wireless points nuked

Cisco sysadmins have a busy day ahead of them, with vulnerabilities announced in wireless LAN controllers, the Cisco Identity Services Engine, and Aironet access points. The Aironet 1800 series flaw, CVE-2015-6336, is that old favorite: a hardcoded static password granting access to the device. Luckily, the account with the …

Cisco bitten by Java deserialisation bug, working on patch

November's high-profile Java deserialisation bug has bitten Cisco, with the company announcing vulnerabilities across the board in its huge product line. The problem is so pervasive that it reaches into the most trivial activities of the sysadmin, such as serial number assessment services. The original advisory made by …

Cisco forgot its own passwords for seven weeks

Someone's palm is digging a hole into their face at Cisco, which has just admitted it shipped a bunch of servers with the wrong default password. “A number of C-Series servers have shipped to customers with a non-standard default password which prevents access to the Cisco Integrated Management Controller (CIMC) unless the …
Simon Sharwood, 12 Jan 2016

Lock up your top-of-racks, says Cisco, there's a bug in the USB code

It's 2015, and the right stuff on a USB stick can still crash a substantial switch. Cisco hasn't yet worked out how to fix this vulnerability, and as a result, the details it offers in the advisory are sparse. What we can glean from the note is that the crash can only be triggered by a local user. Here's how Cisco explain the …

Cisco cops to enterprise IOS XE vulnerability

Cisco’s latest operating system update ships with a vulnerability that could let hackers seize control of network devices. The giant has admitted to the hole in its IOS XE release 16.1.1 that, if exploited, would let an attacker force a device to reload. IOS XE is Cisco’s operating system for routers, switches and appliances …
Gavin Clarke, 23 Dec 2015

Scality hires ex-Cisco chief marketeer

After quite a lengthy search, Scality has appointed ex-Cisco man Syed Hoda as its chief marketing officer. The object storage startup has got itself a Cisco veteran who left in 2013 to join ParStream as its CMO, only for that IoT Big Data analytics firm to get bought by Cisco in October. Before that Hoda had been with Cisco in …
Chris Mellor, 15 Dec 2015

Cisco wins wireless net hand-off patent battle

While most of the world was sleeping off its Christmas food-fest, appeals judges in the US killed off a long-running lawsuit against Cisco. In the eight-year sueball spat, a company called Commil USA reckoned The Borg had infringed its US patent 6,430,395 ("Wireless private branch exchange and communicating between mobile …

Cisco plugs WebEx for Android bug

If you work for the kind of company that imposes the WebEx experience even on mobile users, it's update time. A bug rated medium severity by Cisco has emerged, in which a malicious Android app could borrow the permissions held by WebEx Meetings for Android. Unfortunately, those permissions are quite extensive (app developers …

Cisco drops 11 clock-crashing patches for 46 things, probes 142 more

Cisco has patched 11 remote denial-of-service and network time protocol vulnerabilities spanning at least 46 products and is investigating a further 142 offerings which may be affected. The patch bomb is an ongoing effort to crush the medium-severity CVEs that can allow unauthenticated attackers to mess with NTP servers …
Darren Pauli, 29 Jan 2016

Cisco borgs UK infosec bods

Cisco Systems is buying Portcullis Computer Security, a UK-based firm specialising in consulting to enterprise and government clients. Both firms are staying tight-lipped about the value of the deal which is expected to complete early in 2016. When that happens Portcullis employees will become part of the Cisco Security …

Cisco slurps Acano for $700m

Cisco is to hoover up London-based video conferencing and collaboration tech outfit Acano for $700m. The Uxbridge-based organisation, whose software bridges the gap between the physical and the cloud-based worlds, was founded in 2012 by former Cisco and Tandberg staffers. It has offices in the UK, US and Australia. The …
Paul Kunert, 23 Nov 2015

Cisco shipped UCS servers with rotten RAID settings

If you've been wondering about the server performance in your Cisco Business Edition 6000/7000 telephony system, wonder no more: The Borg has issued a field notice that the system shipped with misconfigured RAID. The Cisco field notice advises sysadmins that the correct settings for the kit are as follows: Read Ahead Policy …

Daisy Group joins Cisco ranks of Gold tier services slingers

Daisy Group is positively dripping in Cisco’s top level Gold accreditation, a move we predicted some months back. The highly acquisitive tech and comms outfit made Phoenix IT Group its latest conquest earlier in the summer and behind the scenes set up talks with Cisco to get the Gold authorisation. For those with short …
Paul Kunert, 28 Sep 2015

Cisco hooks Angler Exploit Kit infrastructure

Security researchers at Cisco have struck a blow against crooks behind the notorious Angler Exploit Kit, blocking or re-routing access around dangerous domains on the interwebs. Angler has been linked to high-profile malvertising and ransomware campaigns over recent months. The utility uses software vulnerabilities (in …
John Leyden, 06 Oct 2015

EFF wants Cisco in front of a judge over tech for China's 'Great Firewall'

The Electronic Frontier Foundation (EFF) is hoping to help re-start a lawsuit against Cisco over whether or not it provided technology China's government used to facilitate human rights abuses. The row over China's "Golden Shield" (aka the Great Firewall) has gone on practically forever, with Amnesty accusing Cisco of …

Cisco Jabbers in the clear due to STARTTLS bug

Updated 'Twas the night before Christmas, when sysadmins probably weren't watching their advisory feeds, that Cisco announced a vulnerability in its Jabber for Windows. The advisory suggests users of Jabber for Windows 10.6.x through to 11.1.x upgrade, because those versions are vulnerable to a STARTTLS man-in-the-middle downgrade …

Cisco probes self for Juniper-style backdoors, silently mouths: 'We're doing this for yooou'

In the wake of the Juniper firewall backdoor scandal, Cisco is reviewing its source code to make sure there are no similar nasty surprises lurking within. "Our development practices specifically prohibit any intentional behaviors or product features designed to allow unauthorized device or network access, exposure of sensitive …
Iain Thomson, 22 Dec 2015

Cisco's telco-grade uber-routers can make almost anyone root

Oops: Cisco has announced a privilege escalation bug in its Aggregation Service Router 1000 Series. There's a lot of cases where local privilege escalation isn't such a big deal, but it's moderately-serious when it means a low-privilege sysadmin can get root access to a unit that has 100 Gbps-plus configurations in carrier and …

Cisco gobbles OpenDNS, sorts out cloud security portfolio

Cisco will buy privately held net security firm OpenDNS for $635m in cash, to make good its cloud security portfolio and boost the networking giant's "security everywhere" approach. Announcing the deal today, the leviathan is offering the bundle of cash alongside assumed equity awards, plus retention based incentives for …

Ericsson and Cisco ink deal for networks of the future

Cisco and Ericsson have formalised a decade-long, strategic partnership to allow the two firms to work together on cloud, 5G, IP and the Internet of Things tech. The outfits claimed today that the courtship could help each firm ring up $1bn in sales by 2018. Financial terms of the multiple agreements signed by the two parties …
Kelly Fiveash, 09 Nov 2015

Cisco Australia bumps prices by 12.83 per cent, for second time this year

Cisco Australia is raising its prices by 12.83 per cent, making this the second such rise for the year after a March price increase of 12 per cent. The Register has seen emails from local resellers advising users to buy Cisco kit sooner rather than later, or pay more as of November 9th. Cisco Australia's confirmed the price …
Simon Sharwood, 05 Oct 2015

Cisco patch day fixes CGI script blunder, hard-coded credentials

If you've got a Cisco Unified Computing System or a Firepower 9000 Series appliance, get busy patching. The Borg says it slipped up and let a CGI script make unprotected calls to shell commands. By fooling around with the URL, an attacker would be able to send arbitrary commands to the affected kit. All versions of UCS …

Cisco shocker: Some network switches may ELECTROCUTE you

Oh dear: Cisco is warning that screws in a couple of its compact Catalyst switches may be poking into wires carrying live voltages. In this field note, the Borg says the problem occurs when WS-C3560CX or WS-C2960CX switches are installed without a mounting tray – for example, screwed to a desk, shelf, or wall. Screws not …

Cisco applies plaster to email, Web security appliances

Cisco email and Web security appliance customers have some patching to do to paper over newly revealed denial-of-service and other cracks. The Borg has issued two advisories for Web security appliances, one covering a DoS bug and the other addressing a problem with DNS resolution. In the DNS issue, a remote attacker can hose …

Cisco ISE carries HTML authentication bug

Cisco's identified a bug in its Identity Services Engine: its admin portal doesn't properly authorise HTML requests, and that can let an attacker see custom pages an admin has created. The reason it matters is that sys admins' custom pages can contain sensitive security information about the network that ISE is managing. “The …

Cisco IOS-XE update time: Squash that DoS bug

Bad error message handling has opened up Cisco's IOS-XE versions prior to 3.13S to a remote denial-of-service (DoS) attack. The company's threat advisory hints that the exploit was brought to Cisco's attention by an independent researcher, since it states that "functional exploit code exists; however, the code is not known to …

Cisco to acquire ParStream for IoT data-sifting

Cisco-backed database and analytics newcomer ParStream is being re-assimilated, with the Borg announcing it's going to buy the "big data analytics" company (as it describes itself). The Borg has signalled its interest in sifting Internet of Things data for quite some time, and since ParStream grew out of Cisco's "Entrepreneurs …

Cisco network kit warning: Watch out for malware in the firmware

Cisco has warned users to watch out who's got admin access to kit, because it's seen malicious ROM images in the wild. The problem is that this isn't something the Borg can just issue a patch for. Admins – with appropriate credentials, naturally – need to be able to drop new ROM images on their kit as a matter of course. "The …

Cisco decides that to save the cloud, it must hunt it with prejudice

Cisco has launched a software-as-a-service-based attack on shadow IT. To understand it, indulge me by learning that one of the first big launches your correspondent covered was that of Computer Associates Unicenter TNG Framework, a slimmed-down version of the enterprise management tool that – if memory serves – included a …
Simon Sharwood, 14 Jan 2016

Cisco tool IDs malware in the firmware

Cisco's moved on the “SYNful knock” vulnerability with a free tool letting admins test their routers for fudged firmware. The vulnerability emerged in August, when The Borg warned that its ROMMON firmware had been reverse-engineered. That meant a privileged user could flash routers with compromised versions. Within a month, …

Apple muscles in on biz world AGAIN – this time with Cisco pact

Apple has inked a deal with networking giant Cisco, as Cupertino beefs up its efforts to pull in more business customers. Financial details of the agreement were kept secret. But the motivation was clear: to make iOS devices work more smoothly on networks that use Cisco kit. Apple said it planned to integrate its iThings with …
Kelly Fiveash, 01 Sep 2015

Pasta is now a THING, says Cisco

QR codes are now officially part of the Internet of Things hype-cycle. That news comes courtesy of Cisco, which has inked a deal with Barilla, under which the codes will be printed on pasta packs to try and add some kind of Thingish excitement to one of the world's starchy staples. No, really. Here's The Borg's press …

Cisco sees APAC turnaround, but enterprise and router sales slide

Cisco has turned in Q1 revenue and income well ahead of the same-time last year numbers, but has given traders a chill with less-bullish guidance for the future. The first quarter 2016 revenue, at US$12.7 billion, was only 3.6 per cent better than Q1 2015, but slimming down its costs meant the Borg reported net income of $2.4 …

Cisco reforms its security disclosure process

Cisco has reformed the way it discloses vulnerabilities in its products. The company's adopted a new and – it says – “enhanced and simplified” view of vulnerabilities in its products, cooked up its own Security Impact Rating (SIR) scores to let you know just how deep you're in it when a vuln appears, adopted the CVE system and …
Simon Sharwood, 06 Oct 2015

Cisco plays Victor Kiam to MaintenanceNet's Remington

Long-time Cisco US supplier MaintenanceNet has been assimilated, to help The Borg digitise its business processes. The acqui-hire's US$139 million price tag includes both cash and “retention incentives”, Cisco's Debbie Dunham says in the post announcing the transaction. Dunham, senior veep for Global Customer Success, writes …