Cisco, Oracle Find Dozens Of Their Products Affected By Shellshock

Cisco and Oracle are working hard to identify networks and other products in their portfolios,which are affected by the critical vulnerability Shellshock.

The Shellshock vulnerability and several related last week due to errors such as command line interpreter bash for Unix and Linux systems analyzed chains,were found to be forwarded through external scripts.The errors that can be exploited to trick certain processes are running in areas vulnerable to malicious strings pass Bash,which is then run as commands on the underlying operating system machines.

Security researcher Rob Fuller has set collected by a collection of ShellShock feats proof-of-concept from different sources.The best known attack vectors are running on the Web server CGI scripts,SSH demons,although other applications that interact with Bash also potential targets.

Cisco has 71 products so far,which exposed the vulnerability is identified.These products serve a variety of purposes,including network implementation,service and acceleration; Network and content security Management and network provisioning; Routing and switching; Unified Computing Voice and Unified Communications; Video streaming,telepresence and transcoding.

The number of Cisco products vulnerable to Shellshock and related errors far exceeds the 38 confirmed not vulnerable. The company is reviewing an additional 168 products and hosted services,so that the list of sensitive products is likely to increase.

The impact of this vulnerability on Cisco products can vary depending on the product concerned because some types of attacks such as SSH,require successful authentication to be exploited and can not give rise to additional privileges granted to the user,Cisco said in its adviser.

Oracle is also in the process of identifying which of their products are vulnerable.Until now the company has released patches for nine products Shellshock Oracle Database Appliance 2.X and 12.1.2 Software Oracle Exadata Storage Server Oracle Exalogic Oracle Exalytics Oracle Linux 4,5,6 and 7 Oracle Solaris 8,9,10 and 11 operating system Oracle Supercluster Oracle Virtual Compute Appliance Software and Oracle VM 2.2,3.2 and 3.3.

An additional 42 products use Bash in at least one version and are likely to be susceptible to Shellshock, Oracle has found. No patches are currently available for these products. Four other products are currently being investigated to determine whether they are using vulnerable versions of Bash.

Oracle has the impact of this vulnerability for products evaluated no longer supported by the Oracle,the company said in its advisory.Other suppliers built on top of Linux,if it is to release hardware devices,SCADA platforms specialized servers or embedded devices,probably patches Shellshock in the near future, products are.

The overall impact of the vulnerability Shellshock and errors associated Bash is difficult to quantify due to the ubiquitous nature of this block in the world of Unix and Linux and the fact that all versions of Bash 1993 is likely vulnerable.Multiple vectors of attack only adds to the complexity of determining which systems are at risk.

Cisco Beats Estimates On Strong New Product Sales In Developed Markets

Cisco announced a mixed set of Q4 FY2014 results,as revenues declined marginally but the company beat guidance on stronger than expected demand for new products in developed markets.The networking giant saw its revenues drop year-over-year (y-o-y) by less than 1% to $12.36 billion,as sustained weakness in emerging markets and sluggish spending by service providers weighed on results. The revenue decline was at the lower end of the company’s guidance of 1-3% and better than consensus expectations of 2%.

Although emerging market orders fell by 9%,with China, Russia,Brazil and Thailand contributing to a bulk of the weakness,the company was able to offset some of the pressure with a strong showing in the U.S.where commercial and enterprise orders grew by 17% and 16% y-o-y,respectively.Cisco’s new high-end routers and switches continued their strong momentum from the previous quarter,as orders for the NCS and CRS-X grew above expectations to about $50 million each in Q4 and $100 million each in the full fiscal year.The Nexus 9000 and Cisco’s SDN strategy also seems to have resonated well with customers,as the number of clients jumped from 180 in Q3 to 580 at the end of the fiscal fourth quarter.

The routing and switching transition seems to be going well and the company expects these business divisions to contribute meaningfully to top-line growth in the next few quarters. Cisco expects its overall revenue growth to return to positive territory in the next quarter, ranging between zero and 1%. With revenues remaining almost flat, gross margins are unlikely to recover in the near term given the long sales cycles associated with launches of new networking products. In the coming years, we expect Cisco to be able to defend its overall operating margins better as the new high-end products start gaining traction and the company’s cost-cutting measures take hold. The company continues to generate strong cash flows and has been opportunistic in deploying the cash to buy back shares at depressed valuations.


Switching Transition On Right Track

Cisco faces a difficult environment in regions such as Asia-Pacific, Japan,China and Russia, where customers expenses network interface in response to fluctuations in strong currencies and geopolitical factors.The company saw orders in Asia-Pacific and Japan at 7% from the same period last fiscal year.China has a primary,given the unstable political situation after the scandal about pain NSA spying.Orders in China fell 23% over the same quarter last year.

In developed markets like UsWhere the general economic situation has become less uncertain Cisco is comparatively much better implementation.However,product transitions have delays in routing and switching rates as customers orders and test the new equipment before deployment.The decline was even more pronounced in the service provider market, where the delay in sales is usually more than the company and the company changed its focus from traditional video decoders in the cloud.In the last quarter,saw its orders Cisco service providers by 11% over the same period last year.

Therefore,it is a good sign for the new Cisco routers and switches look should flow a good number of orders that sales growth to continue in the coming quarters.Supports Cisco SDN strategy of the Nexus 9000 recent gains significant traction with customers, which was evident by the fact that their customer base over the previous quarter tripled.This helped the company to the sales decrease switching delay to about 4%,compared with more than 6% in the third quarter.

However,there is usually a delay of at least one quarter prior orders comes to translating.We therefore expect Cisco to continue to lose market share in the short-term competitors such as Juniper,which is later in the sales cycle of new products.However,Cisco appears well positioned to some of its lost market share as the strong order flow leads to income, to recover possibly the middle of next year.