Re: Cisco Routers Vulnerability

[George Herbert <george.herbert () gmail com>]

A whole pile of new vulnerabilities including remote code exploit were
revealed against specific models about 3 weeks ago; I had not heard of any
exploits, but, ...

Which is why the models and IOS versions would be very useful.

On Mon, Apr 13, 2015 at 2:59 PM, Rashed Alwarrag <rali.ahmed () gmail com>
wrote:

> Still I don't have full information from them as it has been reported by
> different customers and all almost in the same time , I am trying to get
> some information about , I was just checking if there is known
> vulnerability has been announced recently regarding this
>
> Thanks you guys
>
>
> On Tuesday, April 14, 2015, Nick Hilliard <nick () foobar org> wrote:
>
> > On 13/04/2015 23:48, Rashed Alwarrag wrote:
> > > It's reported by different customers in different locations so I don't
> > > think it's password compromised
> >
> > Have you checked?  If the routers had vty access open (ssh or telnet) and
> > the passwords were easy to guess, then it's more likely that this was a
> > password compromise.  You can test this out by getting a copy of one of
> the
> > configs and decrypting the access password.  Or by asking your customers
> > whether their passwords were dictionary or simple words.
> >
> > It's possible that there was a remotely accessible vulnerability, but ios
> > isn't known for this.
> >
> > Nick
>
> --
>
> *Rashed Alwarrag *



-- 
-george william herbert
george.herbert () gmail com