Autumn safety researcher was in last year Cisco the company level grade of some model by implement in discover safe flaw, aggressor uses this flaw to be able to control a route completely by implement.
Researcher refers flaw Cisco hind to obtain Cisco company quickly also to admit really, it is rehabilitate of Cisco company beautiful time next firmware of intercurrent cloth new edition.
To this year Cisco of the beginning of the year releases new edition firmware to have repair to this safe flaw, but the repair method that researcher discovers Cisco cannot prevent attack completely.
Then researcher is referred Cisco again again and refer notional test and verify, receive Cisco to affirm again next and await Cisco to release rehabilitate of new edition firmware.
It is Cisco only used repair method cannot understand really:
Occupying what researcher divulges the notional test and verify that refers Cisco is used is CURL command, this is a kind of kind that undertakes in Linux system integrated file is transmitted.
The repair method that via researcher test Cisco uses is actually: Be in directly road by implement the acting string that configures CURL of file lieutenant general (UA) complete screen.
When then researcher tries to use CURL command to undertake osmotic again, can be rejected directly, give repair already completely this flaw it seems that it seems that.
However actual condition is to need to change a command to avoid slightly only by screen this representative string can renew attack, cisco rehabilitate method hardly significant.
This rehabilitate method lets researcher cannot accept:
Researcher changes the successful control road that block the way is without again after acting string by, the repair method that this also proves Cisco just is in apparently problem rehabilitate.
During this Cisco did not give researcher for long to update repair plan to seek advice till researcher post a letter, next Cisco asks defer flaw makes public time again.
Of the detail of requirement defer flaw that does not cross final researcher to reject Cisco announce time, a few days ago of hereon flaw use a method to wait to had been made public completely.
Head of net of attention blue dot date (click here to pay close attention to instantly) not stray, tutorial of tool of information of Windows 10, science and technology, software, technology, all be in blue dot net. Blue dot net, give you interested content! Acknowledgment is hit enjoy support!
