Cisco intentionally sold vulnerable software to the US government

✨ Megiddo

May 15, 2016

The company will pay $8.6 million to settle the lawsuit filed against it by the US government.

Cisco Systems has agreed to pay $8.6 million to settle the lawsuit filed against the company by the US federal government.

In 2011, Cisco Systems was convicted of knowingly selling vulnerable CCTV systems to US government organizations. According to court documents, in September 2008 a former contractor, James Glenn, and his colleague discovered multiple vulnerabilities in Cisco Video Surveillance Manager (VSM) software, which they reported to the manufacturer in October of that year.

The VSM system lets operators control several cameras in different locations at once through a centralized server that can be accessed remotely. The vulnerabilities discovered by the researchers allowed a remote unauthorized attacker to gain permanent access to video surveillance systems and, accordingly, to all video recordings and data stored in the system, as well as to modify video and bypass security mechanisms.

In 2010, Glenn realized that the vulnerabilities they had discovered had not been fixed. Moreover, the manufacturer had decided not to tell anyone about their presence in the product. The researcher warned the authorities, who in turn sued Cisco Systems, accusing the company of fraud.

The manufacturer supplied VSM software, directly or through intermediaries, to US police departments, schools, courts, municipal authorities, airports and government agencies, including the Department of the Interior, Secret Service, Naval Forces, Air Force, etc.

After the lawsuit was filed, the company published the vulnerabilities (CVE-2013-3429, CVE-2013-3430, CVE-2013-3431) and released a revised version of VSM. As part of the deal, Cisco Systems also agreed to pay $8.6 million: Glenn and his lawyer will receive $1.6 million, and the remaining $7 million will go to the federal government and the 16 states that bought the vulnerable product.