Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants.
At what point do we also blame cisco customers for just plugging stuff in and not changing passwords? Cisco did not come into their customers locations and set up racks of stuff, or did they?
If this was just unsecured, internet facing routers then your point would make sense. However, in this case there is a vulnerability in the WebUI platform that allows unauthenticated users to make admin accounts to the system. That is absolutely Cisco’s fault
On Monday, Cisco disclosed that unauthenticated attackers can exploit the IOS XE zero-day to gain full administrator privileges and take complete control over affected Cisco routers and switches remotely.
At what point do we also blame cisco customers for just plugging stuff in and not changing passwords? Cisco did not come into their customers locations and set up racks of stuff, or did they?
If this was just unsecured, internet facing routers then your point would make sense. However, in this case there is a vulnerability in the WebUI platform that allows unauthenticated users to make admin accounts to the system. That is absolutely Cisco’s fault
That seems to be on Cisco in this case.