jmcs@discuss.tchncs.detoCybersecurity@sh.itjust.works•Cisco is still hard-coding passwords into its productsEnglish
9·
3 hours agoYou are right:
The second is using SSH, which is enabled by default on the management interface of the device. SSH can also be enabled on data interfaces.
Holy fuck.
Even if it’s not directly accessible from the internet on its own, if it’s accessible from an host exposed to the internet then anyone that can compromise a single host can immediately compromise the firewall.
“It’s only exposed to the outdated wordpress server” is effectively the same as being exposed to the internet.