Cisco warns of security holes in its security appliances Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and …
https://www.theregister.com/2022/06/16/cisco_critical_patches
-> Cisco noted that its security team is not aware of any in-the-wild exploitation, so far
If they are using Cisco security products maybe they would not know. Maybe there are so many bugs and bypasses and vulnerabilities in Cisco equipment that they would never know.
It is time to ban Cisco equipment on the grounds of national insecurity.
We hear about a lot of Cisco bugs/security flaws, but there is good reason for this.
Cisco have always been very open about bugs, with a good system to report them and track progress, and if you actually bother to look at the dates they're usually rectified within a week.
Compare that to other companies that keep security flaws quiet, and some never bother to fix them, it doesn't make them more secure just because you don't hear about their vulns.
You're always going to have flaws in software, the key is to deal with them transparently and fix them quickly.
To compare, Fortinet have slightly less than half of the CVEs than Cisco for 2022, but Cisco have 20x more product lines.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
