Security Updates: Cisco Removes Backdoor from Business Switches

Several Cisco products have become vulnerable to multiple vulnerabilities that have been identified as critical. These include Unity Express, Small Business Switches and Stealthwatch Management Console. Cisco provides various security updates as a remedy.  

 With all 3 products, attackers can execute external malware from outside without security certification.  

 The application of business switches contains a previously undocumented account. An external attacker could activate this account remotely and under undefined circumstances and thus gain access with admin rights.   

 With Stealthwatch Management Console it would be sufficient for an attacker to send modified HTTP requests to a vulnerable device in order to gain access with admin rights.  

 With Unity Express, an attack should be possible by receiving manipulated serialized Java objects. If this succeeds, the attacker receives boot rights.