Responsibility, Thy Name is Cisco

Posted by admin 28/08/2015

Cisco has been in the news over the last few weeks because of the vulnerabilities the company has identified in some of its routers. The Cisco router hacks are really a small portion of the overall router management software (RMS) attacks. SIL ran a quick query against current data to look at trends in successful incursion patterns. The findings are aggregated worldwide, with a separate breakout for those incursions that are primarily US-based. The steep rise in the successful execution of this incursion is significant and shows no sign of leveling off. Further details will be documented in this month's GSW for subscribers.


There is something, though, that needs to be put into perspective. While Cisco is catching a lot of flak for this vulnerability, it is not the only vendor that has had successful incursions on this vector. In fact, the data reported into SIL's GSW shows that 36 vendors have had this type of incursion in significant numbers. However, only three of those vendors have notified their customers of the problem, and two of those did so in a manner that indicates it is the client's responsibility rather than a systemic exposure. Cisco has been publicly upfront about the problem. This is an extremely responsible position. Its public admission of a problem has allowed organizations to better address the vulnerability and to evaluate whether their systems have been compromised. Without forthright publication of this issue, the incursions would continue to grow in the dark.

