This session will be a detailed examination of Cisco’s Small and Medium Business products, specifically switches, outlining serious 0-day vulnerabilities in the embedded web application and API.
These attacks can result in complete compromise of the endpoint, leakage of accounts and passwords, metadata, and network configuration. Other attacks demonstrated will include XSS / HTML Injection vulnerabilities and unpatchable application issues. These issues affect the entire Cisco Small Business switch product line, SNA, and rebranded products, such as Linksys. This session will serve as the public release for these critical vulnerabilities.
Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization, and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance, and exploit development. Ken has published exploit research and vulnerabilities for a large number of companies, including Dell, Cisco, Sonicwall, Sage Software, and DATTO. Ken’s academic work includes social engineering research, application of sociology and psychological factors to phishing campaigns, and technical work on next generation attacks.