Hello and welcome to the Thursday, March 20th,

2000-25 edition of the Sands and a Stormontas Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Well, today I took a look at some Cisco smart licensing utility vulnerabilities.

There are two vulnerabilities that were patched September

last year. Now, shortly after the patch was released, there was also an exploit released.

And the exploit is pretty straightforward for this vulnerability. It was yet another of these

static credential vulnerabilities.

So really all you need to know in order to exploit the vulnerability is, well, what these

static credentials were.

And that's what a blog post that was published a couple days after the patch came out,

well, revealed.

Haven't really seen much exploitation of this vulnerability so far.

However, today I noticed that we got some significant scanning for this vulnerability,

for the particular URL being used.

And then when I looked at the complete request, they indeed used an authorization

header with these static credentials. This is part of what looks like some kind of botnet.

They're scanning for a number of other vulnerabilities. Some of these vulnerabilities are,

it's just looking for credentials, like things

like ENB files and such being leaked, but they're also looking interestingly for another

little bit odd sort of video recorder vulnerability, one of these security camera

recorders, also static credentials.

...