Security professionals at DefenseCode identified a security vulnerability in Linksys router software that allows people to gain privileged command-line access without authentication. At this point, there is no known patch to thwart the exploit.
The exploit has been reported in Tech/Science news like The Register and Slashdot and Net-Security and
It appears the exploit.
A Register user quotes DefenseCode CEO Leon Juranic regarding vulnerability from the internet:
"We're still investigating some tricks to exploit this vulnerability from the internet, but for now, yes - it seems safe from the outside of the network. Of course, unless services are available from the internet"

Cisco has responded to The Register:

"Linksys takes the security of our products and customers’ home networks very seriously. Although we can confirm contact with DefenseCode, we have no new vulnerability information to share with customers – for our WRT54GL or other home routers. We will continue to review new information that comes to light and will provide customer updates as appropriate."

Cisco has responded, according to Net-Security:
"After the researchers posted their findings online, Cisco finally got in touch again. They are expected to release a fix in time for the full advisory, which should see the light of day in about 10 days."

There is a vulnerability, a patch is coming, and everyone knows about it. Implications: If you run a Network Operations Center, keep an eye out for the patches coming from Cisco/Linksys and get ready for a large automated patch rollout. If you do not have a network management service with a vendor, you should consider such a service for times such as these.