CVSS 10 score bug on Cisco IOS | Cyber Insurance and MOVEit
CyberInsights #115 - A new vulnerability affects Cisco devices with https server enabled || Cyber Insurance Premiums
Cisco router Zero Day with CVSS score of 10.0 being actively exploited
The vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access
If you have enabled "https server" on your Cisco router facing the internet, you probably deserve to be hacked.
The https server provides a helpful Web GUI to manage the router. It also has a zero day vulnerability that allows someone to get highly privileged access to your device. [LINK].
Read more about detecting the vulnerability on Cisco's official blog. [LINK]
Take Action:
The only action currently recommended is to disable https server. And if you have enabled it on an internet-facing device, well, fire yourself. Or at least read up on router hardening guidelines on Cisco's site. [LINK]
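One way to check an exported running-config for the exposure described above, as an added example that is not code from Cisco or from this newsletter. It assumes the web UI shows up in the config as `ip http server` / `ip http secure-server` and local accounts as `username ... privilege 15`; the sample config, hostname and account names are constructed.

```python
import re

# Constructed sample running-config, not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$constructed
username helpdesk privilege 1 secret 9 $9$constructed
username tmp_user1 privilege 15 secret 9 $9$constructed
!
no ip http server
ip http secure-server
ip http authentication local
!
interface GigabitEthernet0/0/0
 description uplink
"""

# Matches only the enabling form; "no ip http ..." starts with "no" and is skipped.
WEB_UI_LINE = re.compile(r"^ip http (server|secure-server)\s*$")
# Local account lines that grant privilege level 15.
USER_LINE = re.compile(r"^username (\S+)\s.*\bprivilege 15\b")

def audit_config(config_text, expected_admins):
    """Return (enabled web UI services, privilege-15 users not in the allowlist)."""
    web_ui, unexpected = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = WEB_UI_LINE.match(line)
        if m:
            web_ui.append(m.group(1))
            continue
        m = USER_LINE.match(line)
        if m and m.group(1) not in expected_admins:
            unexpected.append(m.group(1))
    return web_ui, unexpected

def remediation(web_ui):
    """Config lines that turn off each web UI service found enabled."""
    return [f"no ip http {svc}" for svc in web_ui]

if __name__ == "__main__":
    services, users = audit_config(SAMPLE_CONFIG, expected_admins={"netadmin"})
    print("web UI enabled:", services)
    print("unreviewed privilege-15 accounts:", users)
    print("apply:", remediation(services))
```

Any privilege-15 account the allowlist does not cover is a review item, since account creation at that level is what the vulnerability allows.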
MOVEit still moving' it - now in Cyber Insurance
Progress Software's cyber insurance claims might move the goalpost on cyber insurance premiums. Again.
Remember the days in school where the whole team had to run two additional laps just because a joker did something out of line?
Cyber insurance premiums, already on the rise, are set to rise further after Progress Software looks to claim close to US$ 15 million in insurance claims. [LINK]
Cyber insurers find it tough to gauge cyber risks due to a lack of historical data. They tend to overcompensate by hiking premiums based on the most recent events.
Take Action:
This is for cyber insurers. MOVEit-type breaches bring two types of risk. There is the direct risk of the insured. There is also an accumulation risk across all parties using the services of providers like MOVEit. As you increase the size of your book, look at what you are accumulating. Use scenarios to model accumulation.