That mega-vulnerability Cisco dropped is now under exploit

That mega-vulnerability Cisco dropped is now under exploit

Hackers are actively trying to exploit a high-severity vulnerability in widely used Cisco networking software that can give complete control over protected networks and access to all traffic passing over them, the company has warned.

The warning of the in-the-wild exploit attempts came around the same time Cisco warned that the vulnerability—already carrying the maximum severity rating of 10 under the Common Vulnerability Scoring System—posed an even greater threat than originally believed. The revised assessment was based on a detailed investigation Cisco researchers carried out after issuing last week's initial advisory, which was based on findings from outside security firm NCC Group. As a result of the new findings, Cisco issued a new set of patches to replace the ones it released earlier.

"After broadening the investigation, Cisco engineers found other attack vectors and features that are affected by this vulnerability that were not originally identified by the NCC Group and subsequently updated the security advisory, Cisco officials wrote on Monday. "In addition, it was also found that the original list of fixed releases published in the security advisory were later found to be vulnerable to additional denial of service conditions."

See https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/

That mega-vulnerability Cisco dropped is now under exploit
Bug with maximum severity rating is generating plenty of interest among hackers.


from Danie van der Merwe - Google+ Posts http://ift.tt/2H4gn9v
via IFTTT

Comments