Watch the presentation:
This session will be a detailed examination of Cisco’s Small and Medium Business products, specifically switches, outlining serious 0-day vulnerabilities in the embedded web application and API.
These attacks can result in complete compromise of the endpoint, leakage of accounts and passwords, metadata, and network configuration. Other attacks demonstrated will include XSS / HTML Injection vulnerabilities and unpatchable application issues. These issues affect the entire Cisco Small Business switch product line, SNA, and rebranded products, such as Linksys. This session will serve as the public release for these critical vulnerabilities.
Related Press:
https://www.cyberscoop.com/shmoocon-cisco-0-days-ken-pyle/
Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup
https://www.securityweek.com/cisco-patches-dos-information-disclosure-flaws-small-business-switches