Updated September 26, 2019 12:48:06A group of security researchers has posted on Hacker News an exploit code for Cisco Optimizer Manager that’s been reported as a flaw in a recent vulnerability in the Cisco Security Analyzer toolset.
The exploit code, published by researchers at security firm CrowdStrike, is a simple shellcode exploit that’s vulnerable to “zero-day” vulnerabilities.
It allows the attacker to execute arbitrary commands via the Cisco Optimizers shellcode.
The vulnerability could be used by the attacker if the attacker gains access to Cisco’s internal tools.
After the crash, the user will be presented with the Cisco Admin console.””
The following line of code will execute the shellcode and cause a system crash.
After the crash, the user will be presented with the Cisco Admin console.”
The vulnerability is the latest in a string of security vulnerabilities in Cisco’s Optimizer tools, and one of the most significant in a long time.
Cisco recently announced that it would be moving to a “zero day” approach to fixing CVEs that are not immediately fixed by the vendor, which means that Cisco is working to improve its software.
“Cisco has identified several zero-day vulnerabilities in its Optimizers software that could allow remote attackers to take advantage of these vulnerabilities, including CVE-2018-2499,” Cisco said in a statement.
“In the coming weeks, Cisco will implement a comprehensive security update that will provide customers with the ability to opt-in to the Cisco OAEP program.
Customers will be able to take action to prevent exploits that could lead to a denial-of-service (DoS) attack.”
While Cisco has previously said that it’s working on fixing the vulnerabilities, it’s unclear if the company is ready to implement a new security update to address the CVE.
A Cisco spokeswoman said in an email that “we’re still working on the mitigation of this threat and will provide updates as soon as they are available.”
The Cisco Optimizing tools, Cisco Optimists, are used by a variety of businesses and organizations to help them optimize their systems for maximum impact.
The company has said that the toolset is used to help customers improve their network security and reduce downtime.
CrowdStrike, which was the first to publish the exploit code on HackerNews, said that while it’s not clear what Cisco was doing to prevent the vulnerability, it did notify the company.
“While it is possible that Cisco has fixed the vulnerability and will update the tools soon, the company has notified customers that this vulnerability has been fixed and is actively investigating the issue,” CrowdStrike said.
“We have not yet seen a fix for the vulnerability.”
The researchers are not the only ones to find the vulnerability in Cisco Optimizers.
On Monday, security firm Kaspersky Lab reported that it found an exploit in Cisco Optimize Manager that allows the hacker to execute code.