Critical vulnerabilities on Cisco devices
Target: Systems using unpatched Cisco software
Attack Vector: 3 separate critical vulnerabilities
Summary: Over the Easter break, multiple vulnerabilities were found on Cisco devices, placing millions of devices at risk. 34 vulnerabilities in total and 17 critical vulnerabilities have been discovered. Three of the most severe vulnerabilities relate to two flaws which could allow for a Denial of Service (DoS) to take place, CVE-2018-0171 and CVE-2018-0151, in addition to unauthorised access via hardcoded default credentials, CVE-2018-0150. Risk assessment summary: The threat is assessed as 3c MODERATE. The three vulnerabilities discussed are all of a critical nature, with two allowing an opportunity for a DoS attack and the third allowing sensitive devices to be compromised. In addition, authentication is not required for a threat actor to carry out these exploits. However, due to the availability of patching, along with workarounds for some of the vulnerabilities, these are issues which will become much rarer and difficult to exploit.