Slashdot Mirror


Cisco Patches Authentication, Denial-of-Service, NTP Flaws In Many Products (csoonline.com)

itwbennett writes: Cisco Systems has released a new batch of security patches for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls. The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges.
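Added example, not part of the submission and not Cisco's firmware code: a minimal model of the bug class the summary describes, where a request header value ends up in the text of an authentication query, next to the parameterized form that binds it as data. The `sessions` table, the `X-Session-Token` header name and all sample values are constructed assumptions.

```python
import sqlite3

HEADER = "X-Session-Token"  # hypothetical header name, not taken from the advisory

def make_db():
    # Constructed sample data: a single admin session in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, role TEXT)")
    db.execute("INSERT INTO sessions VALUES ('9f2c-constructed-token', 'admin')")
    return db

def role_concatenated(db, headers):
    """Vulnerable pattern: the header value becomes part of the SQL text."""
    token = headers.get(HEADER, "")
    sql = "SELECT role FROM sessions WHERE token = '" + token + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def role_parameterized(db, headers):
    """Hardened pattern: the header value is bound as data, never parsed as SQL."""
    token = headers.get(HEADER, "")
    row = db.execute("SELECT role FROM sessions WHERE token = ?", (token,)).fetchone()
    return row[0] if row else None

def probe(lookup, db, token):
    # A stray quote makes the concatenated query invalid SQL; report that
    # instead of letting the exception escape.
    try:
        return lookup(db, {HEADER: token})
    except sqlite3.OperationalError:
        return "sql-error"

# Constructed inputs: a valid token, a textbook tautology, a lone quote.
TOKENS = ["9f2c-constructed-token", "x' OR '1'='1", "O'Brien"]

def compare():
    db = make_db()
    return {
        "concatenated": [probe(role_concatenated, db, t) for t in TOKENS],
        "parameterized": [probe(role_parameterized, db, t) for t in TOKENS],
    }

if __name__ == "__main__":
    for name, results in compare().items():
        print(f"{name:14} {results}")
```

The concatenated lookup grants the admin role to the tautology and errors out on a lone quote; the parameterized lookup treats both as tokens that simply do not match.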

6 of 33 comments

  1. HTTP requests with SQL code by ls671 · Score: 2

    HTTP requests with SQL code: about using prepared statements and parameterized queries?

    --
    Everything I write is lies, read between the lines.
  2. Input validation does not cause SQLi by WaffleMonster · Score: 3, Insightful

    The only cause of SQLi is gross incompetence. It can never be caused by an accident or failure to do something.

    It can only be caused by willful and deliberate action to do something you know or should know to be wrong, stupid and dangerous at the time you did it. Unbound query strings don't build themselves.

  3. Hey timothy by DNS-and-BIND · Score: 2

    Why are you the only one posting stories recently? The other two crappy editors who posted dupes haven't been heard from in a while.

    Hey timothy, I dare you, post another link to forbes.com.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  4. I still wonder by jones_supa · Score: 2

    A great part of the Internet is woven together by those turquoise boxes. They form a vulnerable part of the infrastructure. I find it strange that open source tinfoil hatters have not criticized more the fact that all of that gear runs proprietary code. All of the boxes could have a backdoor that allows a government surveillance organization to connect and change settings or to wiretap passing traffic. Why do these discussions not usually come up?

  5. Links are reversed by phishybongwaters · Score: 2

    If anyone else ends up clicking the "security updates" link in the summary and starts to wonder why they are only talking about the RV220W, it's because the submitter reversed the links; you need to click the Cisco RV220W link to get the article with ALL the products.

  6. Re:Cisco patches RV220W firewall .. by AchilleTalon · Score: 2

    HTML isn't a protocol. HTTP and HTTPS are.

    --
    Achille Talon
    Hop!