Cisco SMB Products - Critical Vulnerabilities - 0-Day Release
Offered By: 0xdade via YouTube
Course Description
Overview
Explore critical 0-day vulnerabilities in Cisco's Small and Medium Business switches during this 20-minute conference talk from Shmoocon 2020. Delve into detailed examinations of embedded web application and API weaknesses that can lead to complete endpoint compromise, data leakage, and network configuration exposure. Learn about XSS/HTML injection vulnerabilities and unpatchable application issues affecting the entire Cisco Small Business switch product line, SNA, and rebranded products like Linksys. Discover practical applications, API mapping techniques, and impact assessments of these security flaws. Gain insights into potential fixes and the importance of coordinated disclosure from security expert Ken Pyle, partner at DFDR Consulting.
Syllabus
Introduction
Tag injection
User controllable fields
Smart networking application
Client controllable parameters
Practical applications
Smart network applications
Coordinate disclosure
API mapping
V4 interface list
System global setting
Admin user setting
Impact
How to Fix
Taught by
0xdade
Related Courses
CNIT 127: Exploit DevelopmentCNIT - City College of San Francisco via Independent Reverse Engineering and Exploit Development
Udemy Penetration Testing: Advanced Kali Linux
LinkedIn Learning Linux x86 Assembly and Shellcoding
Udemy Python : Sıfırdan İleri Seviyeye - Etik Hacker Örnekleriyle
Udemy