Systems Engineering is paying special attention to a Cisco IOS XE Software Web UI Command Injection Vulnerability that was announced earlier this week. Also known as "ThrangryCat Vulnerability," it is serious enough to get the attention of the press. As quoted on ZDNet, "This vulnerability allows hackers to plant persistent "backdoors" on Cisco gear, even over the Internet, with no physical access to vulnerable devices."
Clients of Systems Engineering should understand the following:
- Systems Engineering will continue to monitor the vulnerability
- When updates are made, our team will deploy the fix for Service Response Plan (SE Critical Care) clients
- As part of the standard build, Systems Engineering disables "IP HTTP Service" to remove the vulnerability
Clients who have question or concerns should reach out to their Account Managers. If you are not a current Systems Engineering client and have questions, please email firstname.lastname@example.org or call 888.624.6737.