back to article Finally done with all those Patch Tuesday updates? Think again! Here's 33 Cisco bug fixes, with five criticals

Cisco has emitted 33 security bug fixes in its latest crop of software updates, five of those deemed critical. Those five critical vulnerabilities include two remote code execution bugs (CVE-2020-3323, CVE-2020-3321) – with no workarounds for either other than patching – and one each of authentication bypass (CVE-2020-3144), …

  1. Lyndon Hills 1

    443 bugs

    What a lovely number of security bug fixes. I wonder if they saved some up till they got the right number?

    1. Robert Grant Silver badge

      Re: 443 bugs

      It's the securest number!

    2. Pascal Monett Silver badge

      Re: 443 bugs

      They would have waited for 444 in that case.

      1. Kabukiwookie

        Re: 443 bugs

        I have the same code on my suitcase.

        1. Mystereed

          Re: 443 bugs

          I used to use 404 on mine, but they kept getting lost :-(

  2. Version 1.0 Silver badge

    Todays bugs fixed

    443 bugs fixed - does anyone think that there are not more bugs out there undiscovered yet? Or that implementing 443 bug fixes in one day will not lead to a few new bugs, where one bug fix interacts with another bug fix to introduce a new bug that we don't know about yet?

    1. Anonymous Coward
      Anonymous Coward

      Re: Todays bugs fixed

      "Or that implementing 443 bug fixes in one day will not lead to a few new bugs"

      How will you tell the difference between the bugs you're hitting before or after?

      Or are the fixes intended for hackers who have successfully compromised Oracle installs and find the platform too unstable to launch attacks from?

  3. fidodogbreath Silver badge

    Adobe: This release fixes 442 bugs in Flash.

    Oracle: Hold my beer...

    1. David 132 Silver badge

      Ah yes, Flash. A product where the number of bugs exceeds the number of features.

      Or indeed, lines of code.

  4. HildyJ Silver badge

    Cisco being Cisco

    I wonder how many unpatched known vulnerabilities are out there. I know of at least one which affects the "Secure Boot" process and allowed the fake Cisco routers to function but there are undoubtedly many more. I don't keep track because I've purged Cisco from my system.

    1. Kabukiwookie

      Re: Cisco being Cisco

      I hear you may be able to pick up Huawei kit for pennies on the pound shortly from UK telcos...

    2. Anonymous Coward
      Anonymous Coward

      Re: Cisco being Cisco

      I'm not sure the bug was within Secure Boot - if you had access to the hardware you could flash a counterfeit loader that bypassed some checks. As the manufacturer didn't make the hardware or hacked bootloader, your checks maybe inadequate but that opens up a huge range of hardware to the same charge given the equipment release date.

      Secure boot was introduced at about the 2nd or 3rd maintenance release for 2960X switches at which point counterfeit switches failed to boot due to a hardware limitation.

      This is based on my experience of RMAing faulty 2960Xs. Cisco realised they were grey market as soon as a TAC case was opened with the serial numbers and the reseller was very sheepish about replacements.

  5. NetBlackOps Bronze badge

    I find it rather irritating that I continue to see "Static Credentials" on the list of Cisco bugs yea?r after year. Why haven't they gone through and stripped those on every piece of software/hardware long ago The first time it popped up. Oh, right, it's the NSA approved bug.

  6. Klimt's Beast Would




POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022