Cisco Security Vulnerability Thread.
-
"Cisco, you pay us for a premium, and we give you our second best"
-
Remote, unauthenticated, arbitrary code this time
https://thehackernews.com/2018/04/cisco-switches-hacking.html -
@dustinb3403 said in Cisco Security Vulnerability Thread.:
"Cisco, you pay us for a premium, and we give you our second best"
Since when did they do second best? That's way better than I've seen.
-
@travisdh1 said in Cisco Security Vulnerability Thread.:
Remote, unauthenticated, arbitrary code this time
https://thehackernews.com/2018/04/cisco-switches-hacking.htmlFail.
-
Cisco routers took down central rail monitoring station.
Control stations we're not effected, thankfully.
-
@travisdh1 said in Cisco Security Vulnerability Thread.:
Cisco routers took down central rail monitoring station.
Control stations we're not effected, thankfully.
The Cisco routers were the attackers?
-
@scottalanmiller said in Cisco Security Vulnerability Thread.:
@travisdh1 said in Cisco Security Vulnerability Thread.:
Cisco routers took down central rail monitoring station.
Control stations we're not effected, thankfully.
The Cisco routers were the attackers?
A software bug brings them down hard after a certain number of days. So, yeah, I guess they were.
-
I've been lying down on the job apparently. 4 sets of hardcore credentials removed in the past 4 months. https://www.bleepingcomputer.com/news/security/cisco-removes-backdoor-account-fourth-in-the-last-four-months/
-
Just saw this today. Announced last week and actively being exploited. A directory traversal which leads to sensitive system information being disclosed or the device crashing.
-
Brilliant I tell you. An undocumented root level password left in the management layer.
All your network are belong to us.
-
Literally just reading about this one.
9.8 out of 10
"fifth undocumented password (aka backdoor) that Cisco has removed from its software in the past 5 months."
'Undocumented except by the fbi and nsa' I think is what they meant. -
@momurda said in Cisco Security Vulnerability Thread.:
Literally just reading about this one.
9.8 out of 10
"fifth undocumented password (aka backdoor) that Cisco has removed from its software in the past 5 months."
'Undocumented except by the fbi and nsa' I think is what they meant.And in hacker documents the world over.
-
Our monthly hardcoded root credentials are in.
-
@travisdh1 said in Cisco Security Vulnerability Thread.:
Our monthly hardcoded root credentials are in.
Definitely showing that even becoming famous for having hard coded creds, they won't change any till caught and forced to change them.
-
@scottalanmiller said in Cisco Security Vulnerability Thread.:
@travisdh1 said in Cisco Security Vulnerability Thread.:
Our monthly hardcoded root credentials are in.
Definitely showing that even becoming famous for having hard coded creds, they won't change any till caught and forced to change them.
I mean the people that buy Cisco probably don't care too much.
-
@coliver said in Cisco Security Vulnerability Thread.:
@scottalanmiller said in Cisco Security Vulnerability Thread.:
@travisdh1 said in Cisco Security Vulnerability Thread.:
Our monthly hardcoded root credentials are in.
Definitely showing that even becoming famous for having hard coded creds, they won't change any till caught and forced to change them.
I mean the people that buy Cisco probably don't care too much.
Good point. Or at all.
-
A bumper night last night for Cisco. Not one, not two, but three privilege escalation and remote command execution threats announced.
https://tools.cisco.com/security/center/publicationListing.x
-
@travisdh1 said in Cisco Security Vulnerability Thread.:
A bumper night last night for Cisco. Not one, not two, but three privilege escalation and remote command execution threats announced.
https://tools.cisco.com/security/center/publicationListing.x
Wow
-
WebEx, local privilege escalation vulnerability.
-
@travisdh1 said in Cisco Security Vulnerability Thread.:
WebEx, local privilege escalation vulnerability.
Awesome, looks like I get to spend my day updating Webex.