Oh boy, today we're going to be taking a look at another one of those critical security vulnerabilities that's affecting thousands of devices connected to the internet all over the world right now. And to make things worse, this particular vulnerability affects Cisco networking equipment. So routers, switches, firewalls, site-to-site VPNs and things like that. So you really have to think about the downstream effects with a vulnerability like this. Because in a corporate network, in an enterprise environment, you can easily have thousands of customer and employee computers that are connecting to these networks and using them for internet access or access to the internal corporate network. And so if you take over one of these vulnerable routers, you can obviously deny service to everyone, but you can also route their traffic to malicious websites. You can steal their login credentials. You might even be able to take over the end users' computers completely. And if it affects a site-to-site VPN, you could start going to other headquarters in remote locations. You know, typically corporations will put a lot of effort into securing the edges of their network. But once they're able to get on the inside, you can usually make a lot of lateral movement very easily. Well, this vulnerability lets you get on the inside with full administrator access. So it really makes sense for this particular CVE score to be a dime piece, 10 out of 10 critical. You don't see that every day.

Now there is one thing about this vulnerability that makes it not so bad, a saving grace if you will. And that is the fact that the vulnerability would probably never exist, or at the very least it would not be exploitable, if the network equipment in question was provisioned by competent professionals that have what I would consider to be very basic network security knowledge. So let's start by reading the advisory here from Cisco so that I can show you guys what I'm talking about. Summary:
"Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the Internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system."

So privilege level 15, that's the highest level of control you can have over a Cisco device. You basically own that box, and like I mentioned earlier it will also most likely get you a lot of lateral movement within somebody's network. Now the web UI, it's something that is enabled by default on Cisco devices. Here are some examples of it, and it's very similar to the web page that you'll see when you log into your router by going to 192.168.1.1 in your browser and then you type in your admin password. Now like I said, this is enabled by default on Cisco equipment, but you don't have to use it. You can and should administer your devices on the command line. Remember, this is enterprise equipment that we're talking about. It's much more powerful, much more expensive than the router that you have at home, and there's typically quite a bit more administration work that's going to take place on these devices in a corporate environment than the occasional firmware update that you might have to do on your home router. And there are typically many of these devices, many switches and routers, present within an enterprise. So command line interface administration really starts to make sense for a lot of things, from a raw efficiency standpoint at the very least, not to mention that it's much easier to script and to automate tasks on the command line than in a web GUI. And I don't know off the top of my head how much RAM and CPU power all these devices have, but for them to run this web page, that's going to be using up some of that.
So also from a performance perspective it might make sense for you to disable this web GUI and administer things through the command line. And using a command line should not be a big deal for the people that are working with these devices, because ideally they're going to have some kind of Cisco network certification. It's not like we're asking your grandma to use the command prompt to log into the router and change the password on the 5 gigahertz band. The only people that should really be messing with these in the first place are people who have been comfortable with command line interfaces for a long time. But hey, there's been a lot of changes in the world, a lot of folks love their GUIs, and it's probably not acceptable to haze your colleagues into using a terminal. Plus, Cisco enables this web GUI by default, so obviously they want you to use it. But I'm pretty sure that they don't want you to make the web GUI for your high-end network equipment accessible over the public internet. Yeah, you're not supposed to do that. Putting administrative login portals on public IPs is the big dumb. But there's over 10,000 devices detected so far that have been configured this way and have already been hijacked by hackers, and they're probably never going to get fixed. That's the other thing about this. The people who configure these devices in this ridiculous way, they're not watching this video, they're not reading Cisco security advisories. They didn't even flip through the first couple of pages of their CCNA textbook. And now there's probably hundreds if not thousands of network admins all over the world who should seriously just consider joining their local Amish community and maybe get a job churning butter or making some furniture. I mean, that's a good trade that doesn't require them to use any computers. Just don't get a smart circular saw and connect the admin portal of it to the internet and make it public facing.
I honestly can't even think of any situation where it would ever make sense to allow access to these devices from outside of your LAN. Even if you have remote staff that need to access these devices remotely, they should only be doing so through your company's VPN, so that only people with the VPN password and the appropriate certificates on their laptops are able to access it. And there should be further access restrictions beyond that as to who in the company can have access to it, what level of access they have, and when they can access it. I need to stress that this is not a default configuration on Cisco devices. You have to go out of your way to be stupid like this, and sure, Cisco could implement some mitigations like not allowing you to bind the web UI to a public IP in the first place. But this is an enterprise device. There really shouldn't be any padded corners or training wheels added to it. But hey, we live in a world now where network administration is commonly outsourced to the lowest bidder. Information security is outsourced to the lowest bidder. And it's really ironic how many executives of big companies have been complaining about their employees working remotely, but those same people will outsource your job in a heartbeat to someone on the other side of the world with the kind of qualifications that make them put admin portals on the internet for everyone to see and hack. And this is why you don't see me clutching my pearls when these big corporations get hacked, when they have ransomware, or when their customers' information gets stolen and sold on the dark web. Because if you're going to outsource information security and IT work just so that you can make a small additional margin of quarterly profits, holy cow, you fucking deserve it! So now you know. Don't cheap out on your information security and always hire a competent professional. But that's it for this video, guys.
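The two things the advisory and this video boil down to on the defender's side are (1) is the web UI even turned on, and if so is it restricted, and (2) has an account with privilege level 15 shown up that you didn't create. Here is an added example (not from the video and not Cisco's own tooling) of a small Python audit over a saved `show running-config` dump that checks both. The config text is constructed for illustration and the secret hashes are placeholders; the `ip http server`, `ip http secure-server`, `ip http access-class` and `username ... privilege 15` lines use standard IOS syntax, and the set of accounts you treat as your known baseline is an assumption you would replace with your own list.

```python
import re

# Constructed sample of a `show running-config` dump (not a real device).
SAMPLE_CONFIG = """\
hostname edge-router-1
!
username netops privilege 15 secret 9 $9$PLACEHOLDER_HASH_1
username cisco_tac_admin privilege 15 secret 9 $9$PLACEHOLDER_HASH_2
username helpdesk privilege 1 secret 9 $9$PLACEHOLDER_HASH_3
!
ip http server
ip http secure-server
!
interface GigabitEthernet0/0/0
 ip address 203.0.113.10 255.255.255.0
!
"""

# Assumed baseline: the accounts that are *supposed* to have privilege 15 here.
KNOWN_ADMINS = {"netops"}

USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b")
# Matches 'ip http server', 'ip http secure-server' and their 'no ...' forms.
HTTP_RE = re.compile(r"^(no\s+)?ip http (secure-)?server\s*$")
ACL_RE = re.compile(r"^ip http access-class\b")


def web_ui_status(config: str) -> dict:
    """Report which web UI listeners are on and whether an access-class limits them."""
    status = {"http": False, "https": False, "access_class": False}
    for raw in config.splitlines():
        line = raw.strip()
        m = HTTP_RE.match(line)
        if m:
            key = "https" if m.group(2) else "http"
            # A leading 'no ' means the listener is explicitly disabled.
            status[key] = m.group(1) is None
        elif ACL_RE.match(line):
            status["access_class"] = True
    return status


def privilege15_users(config: str) -> list:
    """Return every local account configured with privilege level 15, in config order."""
    users = []
    for raw in config.splitlines():
        m = USER_RE.match(raw.strip())
        if m and m.group(2) == "15":
            users.append(m.group(1))
    return users


def audit(config: str, known_admins: set) -> list:
    """Produce human-readable findings for an exposed web UI and unexpected admins."""
    findings = []
    ui = web_ui_status(config)
    if ui["http"] or ui["https"]:
        enabled = [k for k in ("http", "https") if ui[k]]
        msg = f"web UI enabled ({', '.join(enabled)})"
        if not ui["access_class"]:
            msg += " with no 'ip http access-class' restriction"
        findings.append(msg)
    for user in privilege15_users(config):
        if user not in known_admins:
            findings.append(f"unexpected privilege-15 account: {user}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, KNOWN_ADMINS):
        print("FINDING:", finding)
```

Run against the sample it reports two findings: both listeners on with no access-class, and the `cisco_tac_admin` account that is not in the baseline. Once the device is reconfigured with `no ip http server` and `no ip http secure-server`, the first finding goes away; the account finding only goes away when that account is removed or deliberately added to the baseline after you have verified where it came from.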
If you enjoyed it, please like and share to hack the algorithm, follow me on Odysee and visit base.win to get my new little daemon t-shirts. I really like how this design came out, so I'm thinking of putting it on hoodies and hats and probably a whole bunch of other stuff. So far a lot of my friends have told me that they really enjoyed it, so you can get it on base.win right now, and of course you can save 10% store-wide when you pay in Monero (XMR) at checkout. Have a great rest of your day.