This week's Risk & Repeat podcast looks at vulnerabilities in Cisco and Huawei products, which have raised concerns about backdoor access in networking equipment.
A series of Cisco vulnerabilities over the past two years has raised concerns about backdoor access in the networking giant's products.
Since mid-2017, Cisco has disclosed more than 10 vulnerabilities involving hardcoded or default credentials in a range of its products. The latest example, disclosed earlier this month, involved a default SSH key pair in Cisco's Nexus 9000 Series Switch software, which could allow threat actors to remotely connect to the switches with root account privileges.
The series of Cisco vulnerabilities has been described as backdoors by some media outlets and members of the infosec community, suggesting the networking vendor intentionally left the flaws in the products for either Cisco personnel or government agencies to use. Cisco rival Huawei, meanwhile, came under similar criticism after Bloomberg reported an alleged backdoor was found in its equipment; an executive order this week barred U.S. companies from doing business with Huawei.
How should these Cisco vulnerabilities be viewed by enterprises and infosec professionals? Is the criticism the networking vendor has received fair? And how does that criticism compare to the scrutiny and government action that Huawei has faced? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.