Metasploit Takes Aim at Cisco Insecurity

[ Thanks to SMK for this link. ]

"The Metasploit security vulnerability testing framework is getting an update this week with the Metasploit 3.5.1 release, which includes new capabilities that take aim at networking gear from Cisco.

"Metasploit provides a framework with which security researchers can test and enumerate the security posture of their networks. The addition of specific features that target Cisco (NASDAQ: CSCO) equipment isn't directly related to any specific, newly discovered exploits in Cisco technology.

""We did not coordinate with Cisco's PSIRT (Product Security Incident Response Team) as the two vulnerabilities exploited by this feature are over 10 years old – authentication bypass flaws in the IOS HTTP service," HD Moore, Rapid7 Chief Security Officer and Metasploit chief architect told InternetNews.com. "There are a number of tools that support each of these attacks methods individually, but the value provided by this release is in the attack chaining and automation.""

Complete Story

Related Stories:

• GnackTrackR3 is now out! Penetration testing for Gnome fans(Dec 17, 2010)
• Remote root vulnerability in Exim(Dec 10, 2010)
• Interesting kernel exploit posted(Dec 08, 2010)
• Weekend Project: Intrusion Detection on Linux with AIDE(Dec 04, 2010)
• Fuzzing proprietary protocols not that hard #sectorca(Oct 29, 2010)
• Past, Present and Future of Metasploit(Oct 26, 2010)