nanog mailing list archives
Re: Cisco Routers Vulnerability
From: George Herbert <george.herbert () gmail com>
Date: Mon, 13 Apr 2015 15:09:20 -0700
A whole pile of new vulnerabilities including remote code exploit were revealed against specific models about 3 weeks ago; I had not heard of any exploits, but, ... Which is why the models and IOS versions would be very useful. On Mon, Apr 13, 2015 at 2:59 PM, Rashed Alwarrag <rali.ahmed () gmail com> wrote:
Still I don't have full information from them as it has been reported by different customers and all almost in the same time , I am trying to get some information about , I was just checking if there is known vulnerability has been announced recently regarding this Thanks you guys On Tuesday, April 14, 2015, Nick Hilliard <nick () foobar org> wrote:On 13/04/2015 23:48, Rashed Alwarrag wrote:It's reported by different customers in different locations so I don't think it's password compromisedHave you checked? If the routers had vty access open (ssh or telnet) and the passwords were easy to guess, then it's more likely that this was a password compromise. You can test this out by getting a copy of one oftheconfigs and decrypting the access password. Or by asking your customers whether their passwords were dictionary or simple words. It's possible that there was a remotely accessible vulnerability, but ios isn't known for this. Nick-- *Rashed Alwarrag *
-- -george william herbert george.herbert () gmail com
Current thread:
- Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability Christopher Morrow (Apr 13)
- Re: Cisco Routers Vulnerability John Schiel (Apr 13)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability John Schiel (Apr 13)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability Nick Hilliard (Apr 13)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability Nick Hilliard (Apr 13)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability George Herbert (Apr 13)
- RE: Cisco Routers Vulnerability Keith Medcalf (Apr 13)
- Re: Cisco Routers Vulnerability Doug McIntyre (Apr 19)
- Re: Cisco Routers Vulnerability Rashed Alwarrag (Apr 13)
- Re: Cisco Routers Vulnerability Alain Hebert (Apr 14)