A whole pile of new vulnerabilities including remote code exploit were revealed against specific models about 3 weeks ago; I had not heard of any exploits, but, ... Which is why the models and IOS versions would be very useful. On Mon, Apr 13, 2015 at 2:59 PM, Rashed Alwarrag <rali.ahmed@gmail.com> wrote:
Still I don't have full information from them as it has been reported by different customers and all almost in the same time , I am trying to get some information about , I was just checking if there is known vulnerability has been announced recently regarding this
Thanks you guys
On Tuesday, April 14, 2015, Nick Hilliard <nick@foobar.org> wrote:
On 13/04/2015 23:48, Rashed Alwarrag wrote:
It's reported by different customers in different locations so I don't think it's password compromised
Have you checked? If the routers had vty access open (ssh or telnet) and the passwords were easy to guess, then it's more likely that this was a password compromise. You can test this out by getting a copy of one of the configs and decrypting the access password. Or by asking your customers whether their passwords were dictionary or simple words.
It's possible that there was a remotely accessible vulnerability, but ios isn't known for this.
Nick
--
*Rashed Alwarrag *
-- -george william herbert george.herbert@gmail.com