The Register Home Page

Search
Navigation

back to article Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform

If you're running the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, you need to apply Cisco's urgent patch after someone at Switchzilla made a big mistake. Cisco Unified Communications Manager (CM) consolidates IP telephony, high-definition video, unified messaging, …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Jou (Mxyzptlk) Silver badge

    Does Cisco use Ciso gear inside?

    Or do they mix vendors for themselves for security reasons?

    14 0 Reply
    1. MiguelC Silver badge
      Reply Icon
      Trollface

      Re: Does Cisco use Ciso gear inside?

      For best security they wouldn't use Cisco equipment at all

      May I recommend Huawei? It seems the TLAs have trouble getting into those...

      10 4 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Does Cisco use Ciso gear inside?

        Depends if you want to sell to the US or not. If you do want to sell to the US, you can't have Huawei in your business or your supply chain (you're required to self-certify this to pass compliance).

        6 0 Reply
      2. druck Silver badge
        Reply Icon

        Re: Does Cisco use Ciso gear inside?

        No, as UKCSG found, there is no evidence of intentional backdoors, as they are so full of unintentional holes anyone can get in anyway.

        0 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Lack of security in development… <sigh>

    8 0 Reply
  3. Mishak Silver badge

    Development Accounts

    Maybe their setup is more complicated than what I'm used to, but I use "Release" and "Development" builds of my projects to make sure "hacks to make development easy" don't compromise the product!

    5 0 Reply
    1. Jou (Mxyzptlk) Silver badge
      Reply Icon

      Re: Development Accounts

      They have to earn money, not make quality. This is not the cisco from the 1980's or early 90's.

      10 0 Reply
      1. Charlie Clark Silver badge
        Reply Icon

        Re: Development Accounts

        Agreed. For years Cisco has been doing what the rest of US industry does and that's buy up anything that looks like it might be competition, migrate customer accounts and essentially freeze any development.

        2 0 Reply
  4. pc-fluesterer.info
    FAIL

    "Mistake"?

    "forget" hardcoded credentials is a mistake?

    Or is it intention, perhaps because Uncle Sam wanted this backdoor?

    Anyway this is unbelievable and unforgivable.

    7 1 Reply
  5. Anonymous Coward Silver badge
    Facepalm

    Hardcoded credentials, even in a development branch, is not a mistake. It's malicious. Anyone doing that for cisco should be fired along with everyone who pushed this through to production without noticing.

    Seeing as that's allowed to happen, along with all the other issues of late, I really don't think cisco kit can be seriously considered for any project. How are they still in business?

    11 0 Reply
  6. Anonymous Coward
    Anonymous Coward

    hopefully the two users of CM will take note

    9 0 Reply
  7. Excused Boots Silver badge

    Yes, a percent 10,

    We’re number one, we’re number one.

    Ah, wait hang on a minute.......

    1 0 Reply
  8. Anonymous Coward
    Anonymous Coward

    Spooks?

    Oh, so they found the spooks back door then.

    Anonymous because...they're watching of course!

    2 0 Reply
  9. IGotOut Silver badge

    So...

    Huawei "may" have hidden security credentials. Bad. Ban them.

    Cisco HAS hidden backdoor. Good! USA! USA! USA!

    2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like