Re: Directory Traversal
Based on my experience of Cisco products, its probably not a dumb question.
To create Cisco, a very specific development process is followed:
- startup creates software (quality varies, but lets say it's X)
- Cisco buys product and gives it a light rebrand and functionality remains similar to original. There may even be patches
- Cisco begins to integrate product X into its standard offering for that product portfolio. Imagine the screams of the damned as a product of quality X is merged with an existing internal product of quality Y where the quality of Y >> 0. The number of key features removed from both products should relate to the order of magnitude of the version change.
- while customers still but the product, keep mangling the software.
Now, given this process of mutilation, the idea of running security tools over the code will likely result in a "can we just disable that feature?" response rather than a "we should fix that" response.
Or worse, maybe Cisco sees these security vulnerabilities as a chance to upsell the solution to include firewalls to protect their flimsy solutions...