nir Posted November 12, 2018

This week, Cisco released several security advisories regarding various bug fixes. It also patched two critical flaws and recommended workarounds for a third one. However, one of these advisories looked somewhat distinct, as it did not inform of any vulnerability or patch. Rather, it addressed a QA failure. As revealed, Cisco mistakenly leaked in-house Dirty COW exploit code in two of its software products.

Cisco's QA Blunder Leaked Dirty COW Exploit Code

As explained in Cisco's advisory released this week, the vendor accidentally leaked Dirty COW exploit code in its software. The firm confesses an internal quality assurance failure that resulted in the accidental release of exploit code used in-house for validation purposes. According to the advisory, "A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco in validation scripts to be included in shipping software images. This includes an exploit for the Dirty CoW vulnerability (CVE-2016-5195)."

Cisco found this issue during internal security testing, after which it publicly disclosed the matter. The issue seemingly affected the recent versions of the affected software. "This issue affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) image versions X8.9 through X8.11.3. Versions prior to X8.9 are not affected by this issue."

Cisco Confirms No Security Risks

The Dirty COW vulnerability (CVE-2016-5195) was a privilege escalation flaw primarily affecting the Linux kernel's copy-on-write (COW) feature. However, in 2017, it was found to be impacting Android devices too. In any case, the problem discussed here does not pose any significant security threat to users owing to the dormancy of the code.

Besides, Cisco confirms that the software images carrying the exploit code also carry the patches. Moreover, Cisco has also removed the images carrying the exploit code from the Cisco Software Center. It also assures that it plans to replace them with 'fixed software images' soon.

Source
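The advisory quoted above attributes the leak to a failure in the final QA validation step of an automated build system, which let validation-only sample files ride into a shipping image. The following is an added example of the kind of release gate that step is meant to be; it is not Cisco's code, and the build layout, path patterns, file names and payload bytes are all constructed for illustration. It rejects an image if any file sits under an internal-only path pattern, or if any file's content matches a hash registered when a validation sample was added to the test suite, so a renamed copy in an innocuous directory is still caught.

```python
"""Release-image gate (added example, hypothetical build layout).

Refuses to ship an image that carries files from internal validation
directories or whose contents match a registered validation sample.
"""
import fnmatch
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Path patterns that must never appear in a shipping image. These are
# constructed for the example; a real build would use its own tree layout.
# Note: fnmatch's '*' also matches '/', so "internal/qa/*" covers subtrees.
INTERNAL_ONLY_GLOBS: List[str] = [
    "internal/qa/*",            # validation scripts and their fixtures
    "*/validation_samples/*",   # sample payloads used by validation scripts
    "*.poc",                    # proof-of-concept files by extension
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for a dormant validation sample. In practice the real
# artifact is registered by hash at the moment it is added to the suite.
SAMPLE_VALIDATION_PAYLOAD = (
    b"CONSTRUCTED validation sample for the CVE-2016-5195 check; not real code\n"
)
KNOWN_VALIDATION_HASHES: Dict[str, str] = {
    sha256_hex(SAMPLE_VALIDATION_PAYLOAD): "validation sample for CVE-2016-5195 check",
}


@dataclass
class GateResult:
    ok: bool
    findings: List[Tuple[str, str]] = field(default_factory=list)  # (path, reason)


def gate_image(image_files: Dict[str, bytes]) -> GateResult:
    """image_files maps each path inside the shipping image to its bytes."""
    findings: List[Tuple[str, str]] = []
    for path, content in sorted(image_files.items()):
        # Check 1: path-based, catches files copied from internal-only trees.
        for pattern in INTERNAL_ONLY_GLOBS:
            if fnmatch.fnmatchcase(path, pattern):
                findings.append((path, f"path matches internal-only pattern {pattern!r}"))
                break
        # Check 2: content-based, catches registered samples even when renamed.
        label = KNOWN_VALIDATION_HASHES.get(sha256_hex(content))
        if label is not None:
            findings.append((path, f"content matches registered {label}"))
    return GateResult(ok=not findings, findings=findings)


# Constructed images: a clean build and one with two leaked files.
CLEAN_IMAGE: Dict[str, bytes] = {
    "bin/vcs-control": b"\x7fELF constructed binary placeholder",
    "etc/release-notes.txt": b"constructed release notes\n",
}
LEAKED_IMAGE: Dict[str, bytes] = dict(CLEAN_IMAGE)
LEAKED_IMAGE["internal/qa/validation/check_cve_2016_5195.sh"] = (
    b"#!/bin/sh\n# constructed validation script stub\n"
)
# Innocuous path, but the bytes are the registered sample: hash check catches it.
LEAKED_IMAGE["opt/tools/renamed_sample.bin"] = SAMPLE_VALIDATION_PAYLOAD


def main() -> None:
    for name, image in (("clean", CLEAN_IMAGE), ("leaked", LEAKED_IMAGE)):
        result = gate_image(image)
        print(f"{name}: {'PASS' if result.ok else 'FAIL'}")
        for path, reason in result.findings:
            print(f"  {path}: {reason}")


if __name__ == "__main__":
    main()
```

The point of keeping both checks is that they fail in different ways: a path denylist is cheap but misses a sample that was renamed or moved, while the hash registry catches the bytes wherever they land but only for samples that were registered when written. A gate like this belongs at the last step before an image is signed and published, so that a failure blocks the release rather than being reported after the fact.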
BimBamSmash Posted November 13, 2018

I know how easy it is to let things like that slip these days. I can only think of myself on days when management asks us to deliver something fast, under a time frame that is by no means human. You worry too much about your deadline, the problem at hand, and all the damned reports you have to fill in at the same time. There are sleepless nights, you hope with every molecule in your body that what you're about to do won't disrupt something else that's otherwise working fine, you may miss out on food, bathroom breaks become a luxury, and you'd consider yourself the luckiest individual alive if nothing goes wrong on the home front at the same time. I don't know if any of that is going on at Cisco's, but if any of that was involved during the events of this article my mind is with those employees affected.
Archived
This topic is now archived and is closed to further replies.