Cisco, Palo Alto, Dell, etc... - Bugs in network hardware
90% of my daily work is with Cisco hardware, with the other 10% being a mix of HP / Aruba switching and a few other big names on the firewall side.
My question is whether or not manufacturers outside of Cisco experience bugs? If so, is this a common occurrence?
I've seen plenty of threads online with people asking who is better, and then a big list of vendor bashing takes place. That's not my intent of this question, but more recently I have run into countless confirmed bugs with Cisco gear (security, routing, wireless). I'm just curious if the same happens with other vendors. I've seen some weird stuff with Sonicwall firewalls in the past, but again, most of my work is Cisco, and then a bit of HP / Aruba switching, so working in a consulting role with a single manufacturer, I'm sure bugs are more likely to pop up.
Would appreciate any feedback.
My question is whether or not manufacturers outside of Cisco experience bugs? If so, is this a common occurrence?
I've seen plenty of threads online with people asking who is better, and then a big list of vendor bashing takes place. That's not my intent of this question, but more recently I have run into countless confirmed bugs with Cisco gear (security, routing, wireless). I'm just curious if the same happens with other vendors. I've seen some weird stuff with Sonicwall firewalls in the past, but again, most of my work is Cisco, and then a bit of HP / Aruba switching, so working in a consulting role with a single manufacturer, I'm sure bugs are more likely to pop up.
Would appreciate any feedback.
Comments
-
Iristheangel Mod Posts: 4,133 ModYes, every vendor has bugs. The larger the customer base and company size, the more you will hear about the bugs but they exist with every vendor.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Bugs are a security professionals bread and butter. Humans write code and thus flaws exist. I'd even go so far as to say there is no technology that doesn't have a bug or flaw of some kind.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
hurricane1091 Member Posts: 919 ■■■■□□□□□□Thanks Cisco for releasing an ASA patch, then letting us know days later we need to upgrade again. I love waking up at 5:30 to reload some firewalls.
-
UnixGuy Mod Posts: 4,570 ModWhat Iris said
I worked with servers vendors before and most of them have bugs releases on a weekly basis sometimes...it doesn't mean you NEED to apply all those patches on a weekly basis. This is where your vulnerability management team (if they exist) come into play. Some bugs are categorized as CRITICAL by vendors but when you understand they're not so critical..
while some bugs are categorized Medium (for example Microsoft categories Privilege escalation as Medium...) when in fact they can be fairly damaging....
again assess the patches and where the devices are located within your network. Hardware/Firmware/OS/server etc...they all have bug fixes and improvements constantly pushed..RedHat/Oracle/Cisco/HP/etc..they all do it. It's part of the Software lifecycle..
Have you been updating your iPhone lately? -
rdrum Registered Users Posts: 3 ■□□□□□□□□□Appreciate the feedback so far. I kinda figured bugs were throughout different manufacturers; I just don't work with many outside of Cisco in my current role, and in previous roles networks were larger, but they were less complex. We just didn't run into cases where specific bugs caused bigger user impact.
@hurricane1091 - Yes, that is certainly one that stands out. We saw webvpn configs and certificates get ripped out as a result of the patches in the 9.8 train. It made for a busy couple of weeks, and we're still patching, but it was interesting to see.
I'm still a fan of Cisco gear, but I'm a little quicker to open TAC cases than double-checking my work now. -
yoba222 Member Posts: 1,237 ■■■■■■■■□□Instead of taking our word for it, see them for yourself.
https://www.cvedetails.com/vendor.phpA+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP