Cisco Routers Vulnerability

Nick Hilliard nick at foobar.org
Mon Apr 13 21:55:23 UTC 2015


On 13/04/2015 23:48, Rashed Alwarrag wrote:
> It's reported by different customers in different locations so I don't
> think it's password compromised 

Have you checked?  If the routers had vty access open (ssh or telnet) and
the passwords were easy to guess, then it's more likely that this was a
password compromise.  You can test this out by getting a copy of one of the
configs and decrypting the access password.  Or by asking your customers
whether their passwords were dictionary or simple words.

It's possible that there was a remotely accessible vulnerability, but ios
isn't known for this.

Nick





More information about the NANOG mailing list