SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, March 21st 2017

SANS ISC Handlers

News, Tech News

4.9754 Ratings

🗓️ 21 March 2017

⏱️ 6 minutes

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #Cisco CMP (Telnet!) RCE;

Transcript

0:00.0

Hello, welcome to the Tuesday, March 21st, 2017 edition of the SANS Internet Storm Center's Stormcast.

0:07.9

My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:12.7

Cisco released a critical security advisory regarding a vulnerability in its software cluster management

0:20.6

protocol. The vulnerability is capable of

0:23.6

executing code remotely and at the very least can be used for denial of service attack.

0:30.6

Now Cisco became aware of this vulnerability based on the leaked CIA hacking tools, the famous WikiLeaks Vault 7 release

0:41.0

that we've seen a couple weeks ago. There is currently no patch for this vulnerability. So Cisco

0:48.6

just released this advisory to essentially tell their customers that there is the vulnerability, they're working on a patch.

0:55.9

This particular cluster management protocol rides on top of Telnet.

1:00.0

The exploit actually uses just some invalid Telnet control sequences in order to execute random code.

1:08.5

So to protect yourself, you should just block Telnet access to affected devices.

1:14.2

That's probably best practice anyway. If you're exposing your Cisco or whatever gear, not just

1:20.1

Cisco to Telnet, you probably are playing with fire and should block that as close as possible to the device.

1:30.3

A large number of Cisco's Catalyst switches are vulnerable.

1:34.5

Please refer to Cisco's advisory for the authoritative list.

1:38.9

And last weekend, another Pwn2Own competition in Vancouver went underway and probably the most

1:46.7

impressive vulnerability being demonstrated was one that used Microsoft Edge in order to not only get

1:55.6

access to the system Microsoft Edge was running on. But then even further, in this particular case, Microsoft Edge

2:04.0

was running inside a virtual machine. They then used a VMware workstation exploit in order

2:11.3

to escape the virtual machine and actually break out into the host. So this would be pretty much what you would consider a secure environment with Microsoft

2:21.8

Edge, the more modern browser, and then of course running on Windows 10 inside a virtual

2:28.4

machine.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
