YoVDO

Cisco SMB Products - Critical Vulnerabilities - 0-Day Release

Offered By: 0xdade via YouTube

Tags

ShmooCon Courses Cybersecurity Courses API Security Courses Vulnerability Assessment Courses Exploit Development Courses

Course Description

Overview

Explore critical 0-day vulnerabilities in Cisco's Small and Medium Business switches during this 20-minute conference talk from Shmoocon 2020. Delve into detailed examinations of embedded web application and API weaknesses that can lead to complete endpoint compromise, data leakage, and network configuration exposure. Learn about XSS/HTML injection vulnerabilities and unpatchable application issues affecting the entire Cisco Small Business switch product line, SNA, and rebranded products like Linksys. Discover practical applications, API mapping techniques, and impact assessments of these security flaws. Gain insights into potential fixes and the importance of coordinated disclosure from security expert Ken Pyle, partner at DFDR Consulting.

Syllabus

Introduction
Tag injection
User controllable fields
Smart networking application
Client controllable parameters
Practical applications
Smart network applications
Coordinate disclosure
API mapping
V4 interface list
System global setting
Admin user setting
Impact
How to Fix


Taught by

0xdade

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network