What's new

Cisco under attack, again.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

L&LD

Part of the Furniture
From what I can tell it is not related to Cisco small business networking gear. It relates to a web interface on the front end of the network. I think turning off the web interface on the internet device is a work around.

I don't believe Cisco has any currently supported small business routers so it is a non issue for me.
 
From what I can tell it is not related to Cisco small business networking gear. It relates to a web interface on the front end of the network. I think turning off the web interface on the internet device is a work around.

I don't believe Cisco has any currently supported small business routers so it is a non issue for me.

It's devices that run IOS XE - and it's the WebUI...

There's a privilege escalation bug that allows the attacker to create a new local user account - the exploit drops in a web implant, but that implant is not persistent, so a reboot can clear it - the local user account still exists however.

Depends on the environment - most gear of this type has the management interface segregated out on a management VLAN, so someone on the production LAN/VLAN wouldn't have access to the WebUI in any case.

But... some folks are not quite as aware, so the WebUI may be accessed on the regular network.

Unfortunately, there are some IOS XE platforms that are internet accessible, and this is why the Severity Level is what it is...
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top