A default feature in Cisco routers can be exploited to surrender data, according to this post in The Register. The vulnerability was discovered by Brazilian security researchers and Cisco is aware of it.
The feature is embedded packet capture, a troubleshooting tool that allows administrators to capture packets to determine, for example, the cause of an anomaly. The researchers used the EPC feature to collect massive amounts of data that could be exploited, though they and Cisco admit access to EPC would require privileged user access.
But since EPC is a default feature, its potential for abuse still presents a risk, the researchers say. They say hackers could access user credentials, pre-shared keys and other sensitive information.
Cisco advises customers is to ensure that appropriate user access controls are in place to avoid abuse of the EPC feature, according to The Register.
The researchers presented and demonstrated their findings at this week’s Infiltrate conference in Miami.
More from Cisco Subnet: