[179433] in North American Network Operators' Group
Re: Cisco Routers Vulnerability
daemon@ATHENA.MIT.EDU (George Herbert)
Mon Apr 13 18:12:19 2015
In-Reply-To: <CAEwtr5rdrh+x6Hyc4VkL8FD0LHfBdAiiTfbtZ2t30d=LMRJn-w@mail.gmail.com>
Date: Mon, 13 Apr 2015 15:09:20 -0700
From: George Herbert <george.herbert@gmail.com>
To: Rashed Alwarrag <rali.ahmed@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
A whole pile of new vulnerabilities including remote code exploit were
revealed against specific models about 3 weeks ago; I had not heard of any
exploits, but, ...
Which is why the models and IOS versions would be very useful.
On Mon, Apr 13, 2015 at 2:59 PM, Rashed Alwarrag <rali.ahmed@gmail.com>
wrote:
> Still I don't have full information from them as it has been reported by
> different customers and all almost at the same time, I am trying to get
> some information about, I was just checking if there is a known
> vulnerability that has been announced recently regarding this
>
> Thank you guys
>
>
> On Tuesday, April 14, 2015, Nick Hilliard <nick@foobar.org> wrote:
>
> > On 13/04/2015 23:48, Rashed Alwarrag wrote:
> > > It's reported by different customers in different locations so I don't
> > > think it's password compromised
> >
> > Have you checked? If the routers had vty access open (ssh or telnet) and
> > the passwords were easy to guess, then it's more likely that this was a
> > password compromise. You can test this out by getting a copy of one of the
> > configs and decrypting the access password. Or by asking your customers
> > whether their passwords were dictionary or simple words.
> >
> > It's possible that there was a remotely accessible vulnerability, but ios
> > isn't known for this.
> >
> > Nick
> >
> >
> >
>
> --
>
> *Rashed Alwarrag *
>
--
-george william herbert
george.herbert@gmail.com
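
The check suggested in the quoted reply above (were the vty lines reachable over ssh or telnet, and was the access password recoverable from the config), as an added example that is not part of the original thread. The sample config is constructed, the password values are placeholders, and the function names `vty_blocks` and `audit_vty` are hypothetical; it flags recoverable password types without decoding them.

```python
import re

# Constructed sample config (not from the thread); password values are placeholders.
SAMPLE_CONFIG = """\
hostname cpe-example
line con 0
 password 7 <PLACEHOLDER>
line vty 0 4
 password 7 <PLACEHOLDER>
 login
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 login local
 transport input ssh
!
end
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit_vty(config):
    """Return {vty header: [findings]}; an empty list means nothing was flagged."""
    report = {}
    for header, cmds in vty_blocks(config).items():
        findings = []
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if not transport:
            findings.append("transport input not set (platform default applies)")
        elif {"telnet", "all"} & set(transport[-1]):
            findings.append("telnet allowed")
        if not any(re.fullmatch(r"access-class \S+ in( .*)?", c) for c in cmds):
            findings.append("no inbound access-class")
        for c in cmds:
            m = re.fullmatch(r"password (?:(\d) )?\S+", c)
            if m and (m.group(1) or "0") in ("0", "7"):  # cleartext or reversible type 7
                findings.append(f"line password is type {m.group(1) or '0'} (recoverable from config)")
        report[header] = findings
    return report
```

Running `audit_vty` over each affected customer's saved config shows which routers had management access open to any source and a shared line password, which is the evidence needed to separate a password compromise from a software vulnerability.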