cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

Security issue with SPA1x2/SPA232D ?

Dan Lukes
VIP Alumni
VIP Alumni

Just few days ago, the new firmware version 1.3.2(XU) has been released for both SPA1x2 and SPA232D.

Release Notes claim the only change - SRTP is removed. No further details about the issue solved by it. No details mean severe bug in most cases. Cisco is not publishing new releases just for fun.

Not to disclose issues with particular firmware is bad practice in all cases as undisclosed issue may hurt any particular customer. But in the case of security related features, like SRTP, it's just unacceptable. A chinese company selling cheap crap for few cents may try to hide the problems and put it's customer in risk. I'm expecting no such approach from the Cisco.

So - should I assume there is a severe bug in SRTP implementation ? Is SRTP implementation in pre-1.3.2(XU) firmware reliable and secure, or should I forgot the SRTP at all ?

Who Me Too'd this topic