On 12/30/2013 3:51 PM, Randy Bush wrote:
Clay Kossmeyer here from the Cisco PSIRT.
shoveling kitty litter as fast as you can, eh?
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-s...
"The article does not discuss or disclose any Cisco product vulnerabilities."
this is disengenuous at best. from the nsa document copied in der spiegel and now many other places:
"JETPLOW is a firmware persistence implant for Cisco PIX series and ASA firewalls ..."
so in cisco kitty litter lingo, what would be "discuss[ing] or disclos[ing] any Cisco product vulnerabilities? the exploit code itself?
randy
What is the vulnerability in Cisco product Randy? That a 3rd party can replace the firmware in your firewall? There isn't enough information to determine if this is a software vulnerability triggered with exploit code or wholesale firmware replacement. The document refers to an implant but not how it gets there. -- "The first rule of any game is to know that you're in one." -Sandy Lerner, co-founder, Cisco Systems