Cisco Security Vulnerability Thread.

DustinB3403

"Cisco, you pay us for a premium, and we give you our second best"

travisdh1

Remote, unauthenticated, arbitrary code this time
https://thehackernews.com/2018/04/cisco-switches-hacking.html

scottalanmiller

@dustinb3403 said in Cisco Security Vulnerability Thread.:

"Cisco, you pay us for a premium, and we give you our second best"

Since when did they do second best? That's way better than I've seen.

scottalanmiller

@travisdh1 said in Cisco Security Vulnerability Thread.:

Remote, unauthenticated, arbitrary code this time
https://thehackernews.com/2018/04/cisco-switches-hacking.html

Fail.

travisdh1

Cisco routers took down central rail monitoring station.

https://ggwash.org/view/67198/metro-reasons-failed-metro-networking-equipment-blinds-control-center-for-three-hours

Control stations we're not effected, thankfully.

scottalanmiller

@travisdh1 said in Cisco Security Vulnerability Thread.:

Cisco routers took down central rail monitoring station.

https://ggwash.org/view/67198/metro-reasons-failed-metro-networking-equipment-blinds-control-center-for-three-hours

Control stations we're not effected, thankfully.

The Cisco routers were the attackers?

travisdh1

@scottalanmiller said in Cisco Security Vulnerability Thread.:

@travisdh1 said in Cisco Security Vulnerability Thread.:

Cisco routers took down central rail monitoring station.

https://ggwash.org/view/67198/metro-reasons-failed-metro-networking-equipment-blinds-control-center-for-three-hours

Control stations we're not effected, thankfully.

The Cisco routers were the attackers?

A software bug brings them down hard after a certain number of days. So, yeah, I guess they were.

travisdh1

I've been lying down on the job apparently. 4 sets of hardcore credentials removed in the past 4 months. https://www.bleepingcomputer.com/news/security/cisco-removes-backdoor-account-fourth-in-the-last-four-months/

travisdh1

Just saw this today. Announced last week and actively being exploited. A directory traversal which leads to sensitive system information being disclosed or the device crashing.

https://www.bleepingcomputer.com/news/security/cisco-asa-flaw-exploited-in-the-wild-after-publication-of-two-pocs/

travisdh1

Brilliant I tell you. An undocumented root level password left in the management layer.

All your network are belong to us.

https://www.bleepingcomputer.com/news/security/cisco-removes-undocumented-root-password-from-bandwidth-monitoring-software/

momurda

Literally just reading about this one.
9.8 out of 10
"fifth undocumented password (aka backdoor) that Cisco has removed from its software in the past 5 months."
'Undocumented except by the fbi and nsa' I think is what they meant.

scottalanmiller

@momurda said in Cisco Security Vulnerability Thread.:

Literally just reading about this one.
9.8 out of 10
"fifth undocumented password (aka backdoor) that Cisco has removed from its software in the past 5 months."
'Undocumented except by the fbi and nsa' I think is what they meant.

And in hacker documents the world over.

travisdh1

Our monthly hardcoded root credentials are in.

https://www.zdnet.com/article/cisco-weve-killed-another-critical-hard-coded-root-password-bug-patch-urgently/

scottalanmiller

@travisdh1 said in Cisco Security Vulnerability Thread.:

Our monthly hardcoded root credentials are in.

https://www.zdnet.com/article/cisco-weve-killed-another-critical-hard-coded-root-password-bug-patch-urgently/

Definitely showing that even becoming famous for having hard coded creds, they won't change any till caught and forced to change them.

coliver

@scottalanmiller said in Cisco Security Vulnerability Thread.:

@travisdh1 said in Cisco Security Vulnerability Thread.:

Our monthly hardcoded root credentials are in.

https://www.zdnet.com/article/cisco-weve-killed-another-critical-hard-coded-root-password-bug-patch-urgently/

Definitely showing that even becoming famous for having hard coded creds, they won't change any till caught and forced to change them.

I mean the people that buy Cisco probably don't care too much.

scottalanmiller

@coliver said in Cisco Security Vulnerability Thread.:

@scottalanmiller said in Cisco Security Vulnerability Thread.:

@travisdh1 said in Cisco Security Vulnerability Thread.:

Our monthly hardcoded root credentials are in.

https://www.zdnet.com/article/cisco-weve-killed-another-critical-hard-coded-root-password-bug-patch-urgently/

Definitely showing that even becoming famous for having hard coded creds, they won't change any till caught and forced to change them.

I mean the people that buy Cisco probably don't care too much.

Good point. Or at all.

travisdh1

A bumper night last night for Cisco. Not one, not two, but three privilege escalation and remote command execution threats announced.

https://tools.cisco.com/security/center/publicationListing.x

scottalanmiller

@travisdh1 said in Cisco Security Vulnerability Thread.:

A bumper night last night for Cisco. Not one, not two, but three privilege escalation and remote command execution threats announced.

https://tools.cisco.com/security/center/publicationListing.x

Wow

travisdh1

WebEx, local privilege escalation vulnerability.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection

RojoLoco

@travisdh1 said in Cisco Security Vulnerability Thread.:

WebEx, local privilege escalation vulnerability.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection

Awesome, looks like I get to spend my day updating Webex.