[Lista ArNOG] Cisco 0 Days.

[Eduardo Casarero]

Por si no lo pescaron por otra lista.

The discovery, dubbed CDPwn, exposes vulnerabilities which could allow an
attacker to fully take over all of these devices.  Four of the five
vulnerabilities are remote code execution (RCE) vulnerabilities while one
is a Denial of Service (DoS) vulnerability. Exploitation of the RCE
vulnerabilities can lead to:

   - Breaking of network segmentation
   - Data exfiltration of corporate network traffic traversing through an
   organization's switches and routers
   - Gaining access to additional devices by leveraging man-in-the-middle
   attacks by intercepting and altering traffic on the corporate switch
   - Data exfiltration of sensitive information such as phone calls from
   from devices like IP phones and video feeds from IP cameras


https://www.armis.com/cdpwn/

-- 
Eduardo Casarero
Sysarmy - Organización
mobile 54 911 56306373
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://mailmancabase.interdotnet.com.ar/pipermail/lista/attachments/20200210/a20d10cb/attachment.html>