YoVDO

Cisco SMB Products - Critical Vulnerabilities - 0-Day Release

Offered By: 0xdade via YouTube

Tags

ShmooCon Courses Cybersecurity Courses API Security Courses Vulnerability Assessment Courses Exploit Development Courses

Course Description

Overview

Explore critical 0-day vulnerabilities in Cisco's Small and Medium Business switches during this 20-minute conference talk from Shmoocon 2020. Delve into detailed examinations of embedded web application and API weaknesses that can lead to complete endpoint compromise, data leakage, and network configuration exposure. Learn about XSS/HTML injection vulnerabilities and unpatchable application issues affecting the entire Cisco Small Business switch product line, SNA, and rebranded products like Linksys. Discover practical applications, API mapping techniques, and impact assessments of these security flaws. Gain insights into potential fixes and the importance of coordinated disclosure from security expert Ken Pyle, partner at DFDR Consulting.

Syllabus

Introduction
Tag injection
User controllable fields
Smart networking application
Client controllable parameters
Practical applications
Smart network applications
Coordinate disclosure
API mapping
V4 interface list
System global setting
Admin user setting
Impact
How to Fix


Taught by

0xdade

Related Courses

CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent
Reverse Engineering and Exploit Development
Udemy
Penetration Testing: Advanced Kali Linux
LinkedIn Learning
Linux x86 Assembly and Shellcoding
Udemy
Python : Sıfırdan İleri Seviyeye - Etik Hacker Örnekleriyle
Udemy