A talk at the CCC conference by Artem Kondratenko about the simplicity of cracking Cisco IOS, leading to full takeover.
The year 2017 was rich in vulnerabilities discovered for Cisco networking devices. At least 3 vulnerabilities leading to remote code execution were disclosed. This talk will give an insight into the exploit development process for Cisco IOS for two of the mentioned critical vulnerabilities. Both lead to a full takeover of the target device. Both PowerPC and MIPS architectures will be covered. The presentation will feature an SNMP server exploitation demo.
An interesting video to watch, and it reminds you that Cisco software is, as a general issue, poorly secured.
Link: media.ccc.de – 1-day exploit development for Cisco IOS – https://media.ccc.de/v/34c3-8936-1-day_exploit_development_for_cisco_ios#t=301