Posted July 5, 2019 https://www.iot-inspector.com/blog/2019/07/huawei-cryptographic-keys-embedded-in-ciscos-firmware/?utm_source=share&utm_medium=ios_app In short, it is not a big issue as it sounds like, but it is still such an irony under current time Quote As it turns out, the certificates and private key in question were part of the OpenDaylight GitHub open source package, which is used in some Cisco products. All Cisco 250/350/350X/550X Series Switches are affected. Developers used the certificates for testing the Cisco FindIT feature. The certificates ended up in the shipped versions of various products due to a simple oversight. According to Cisco, no attack vectors have been identified as the certificates are not actually being used by shipped versions of firmware. Cisco has released a firmware cleared of the certificates and has published a security advisory today. Furthermore, Cisco acted on other issues discovered by IoT Inspector too. Among them empty password hashes, unneeded software packages, and multiple vulnerabilities in third-party software (TPS) components. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted July 6, 2019 I think the US government should impose sanctions on Cisco given the discovery of vulnerabilities and backdoors. [Here] [Here] [Here] There is more that meets the eye I see the soul that is inside Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted July 6, 2019 5 minutes ago, captain_to_fire said: I think the US government should impose sanctions on Cisco given the discovery of vulnerabilities and backdoors. [Here] [Here] [Here] Not likely when these backdoor are most likely created and used by US government to spy on other countries. Magical Pineapples
