“Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there’s no indication they are exploiting vulnerabilities. Cisco also said that the hacker’s ability to install malicious firmware exists only for older company products. Newer ones are equipped with secure boot capabilities that prevent them from running unauthorized firmware.”
Hardcoded creds seems like a really bad idea on a network appliance. If they MUST have hardcoded creds how about they only work when sent through a serial console at least your attacker would have to have local physical access to the device.
“Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there’s no indication they are exploiting vulnerabilities. Cisco also said that the hacker’s ability to install malicious firmware exists only for older company products. Newer ones are equipped with secure boot capabilities that prevent them from running unauthorized firmware.”
“Good news everyone, our old products are compromised, and the only solution is to buy new ones!”
“China found the backdoors we installed for the NSA, buy our new product with different backdoors.”
I wonder if they’re using default/hard coded creds (Ciscos have had a ton of them) or if its just bad password hygiene on the admins’ part.
Hardcoded creds seems like a really bad idea on a network appliance. If they MUST have hardcoded creds how about they only work when sent through a serial console at least your attacker would have to have local physical access to the device.
I do agree, and Cisco immediately grabbed the occasion to push their shitty restrictive trusted boot policy. Which is worrying.