Over 10,000 Cisco devices hacked in IOS XE zero-day attacks (www.bleepingcomputer.com)
from MazonnaCara89@lemmy.ml to technology@lemmy.ml on 19 Oct 2023 17:53
https://lemmy.ml/post/6716034

fluke@snake.substantialplumbing.repair on 19 Oct 2023 18:30

At what point do we also blame Cisco customers for just plugging stuff in and not changing passwords? Cisco did not come into their customers' locations and set up racks of stuff, or did they?

Godort@lemm.ee on 19 Oct 2023 18:52

If this was just unsecured, internet-facing routers then your point would make sense. However, in this case there is a vulnerability in the WebUI platform that allows unauthenticated users to make admin accounts to the system. That is absolutely Cisco’s fault.

NocturnalMorning@lemmy.world on 19 Oct 2023 18:53

Read the article. I think you’re misunderstanding the exploit.

TheDarkKnight@lemmy.world on 19 Oct 2023 19:03

Yeah, this one is on Cisco in general, still wondering why you’d have the web interface enabled anyways…just asking for problems right there.

Shadow@lemmy.ca on 19 Oct 2023 19:42

If a fresh deployment isn’t secure out of the box, that’s definitely on Cisco. There’s a lot of people out there who just plug in some hardware and then use the GUI to configure it. Just because it’s best practice to turn it off, doesn’t mean everyone is skilled enough to do so.

We did have one compromised router from this at work, a fresh deploy that someone did a while ago and then the project got put on hold before it was actually configured. Was just sitting there with a public IP not doing much, but sure enough it was owned when I looked.

One interesting thing is that the machine had HTTP enabled, but we had locked down SSH already. In the config you could see the attacker tried to enable SSH but couldn’t get it working (subnet inverted, lol cisco).

TheDarkKnight@lemmy.world on 20 Oct 2023 05:35

Yeah it is on Cisco, not questioning that.

Good catch getting it early, teach the young guys to kill those web portals…nothing but trouble. But I hear ya, sometimes CLI can be a pain.

sugar_in_your_tea@sh.itjust.works on 19 Oct 2023 23:43

On a home network, I like having the web UI enabled for local access out of convenience, and I like buying higher end networking equipment. I don’t enable it for external access though, that’s just asking for trouble.

It makes absolutely no sense in an enterprise environment, but there are a non-trivial number of non-enterprise customers of enterprise equipment.

virr@lemmy.world on 19 Oct 2023 23:25

On Monday, Cisco disclosed that unauthenticated attackers can exploit the IOS XE zero-day to gain full administrator privileges and take complete control over affected Cisco routers and switches remotely.

That seems to be on Cisco in this case.