Cisco forgot to remove an internal testing interface from software releases for email security appliances. This vulnerability allows the attacker to gain full access to the affected device with root privileges. To remedy this, the user must reboot the device more than once, which would disable the vulnerable interface. Cisco has also released a patch for a couple of the device versions that have this problem.
It goes to show that a hacker doesn’t even need to do a lot of work in order to find vulnerabilities. Sometimes, they just fall into your lap. Reminds me of what the Professor was explaining during ‘scanning for vulnerabilities’ lectures, how sometimes devices have default (factory) user and passwords set so that a simple Nessus scan will display vulnerabilities.
link to the article: http://www.securityweek.com/cisco-forgets-remove-testing-interface-security-appliance
Loi Van Tran says
This goes back to some of the things we discussed in class regarding pen testers and ethical hackers leaving in back doors after they’ve completed the test. This is worst because attackers don’t even need to authenticate themselves to get root access. For a big company like CISCO to be so negligent in this respect is definitely not good for business.
Mauchel Barthelemy says
Nice article and very good piece of information too. This is the sort of catastrophic outcome a simple mistake can produce in the cyber security world. Hackers wouldn’t have to do much work at the Reconnaissance stage to cause damage with vulnerabilities like these. Hopefully Cisco takes necessary measures to avoid repeating such mistakes.