2017-04-23 at 6:08 PM UTC
So a week or two ago a 0day was discovered in Cisco switches of the model.
12.2(55)SE1 C2960-LANBASEK9-M
12.2(55)SE11 C2960-LANBASEK9-M
There appears to be a problem in the way the Cluster Management Protocol works over telnet. Why telnet? I am not sure, but the point is the vulnerability allows a remote attacker to to execute arbitrary code as super user. According to security researchers over 20k devices are affected, but just searching for the switch model doesn't give me a lot of results.
I need a concrete query so that i can sue the Shodan API to look for these switches. then i will save the IPs to a textfile and write an autopwner.
Any help would be greatly appreciated.