YoVDO

Cisco SMB Products - Critical Vulnerabilities - 0-Day Release

Offered By: 0xdade via YouTube


Course Description

Overview

Explore critical 0-day vulnerabilities in Cisco's Small and Medium Business switches during this 20-minute conference talk from ShmooCon 2020. Delve into detailed examinations of embedded web application and API weaknesses that can lead to complete endpoint compromise, data leakage, and network configuration exposure. Learn about XSS/HTML injection vulnerabilities and unpatchable application issues affecting the entire Cisco Small Business switch product line, SNA, and rebranded products like Linksys. Discover practical applications, API mapping techniques, and impact assessments of these security flaws. Gain insights into potential fixes and the importance of coordinated disclosure from security expert Ken Pyle, partner at DFDR Consulting.

Syllabus

Introduction
Tag injection
User controllable fields
Smart networking application
Client controllable parameters
Practical applications
Smart network applications
Coordinated disclosure
API mapping
V4 interface list
System global setting
Admin user setting
Impact
How to Fix


Taught by

0xdade
