>the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors
>We have not determined the initial access vector used in this campaign. We have not identified evidence of pre-authentication exploitation to date. Our investigation is ongoing, and we will provide updates, if necessary, in the security advisories or on this blog.
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
CVE-2024-20359 seems like a nothingburger (root access for authenticated, local attacker) but considering the above i wonder if it was exploited in the wild by physical access, or is there another RCE exploit we don't know about.

>enterprise hardware
nothingburger, at worst the glows know the krabby patty secret formula

>targeting perimeter network devices from multiple vendors
but then
>Further, network telemetry and information from intelligence partners indicate the actor is interested in — and potentially attacking — Microsoft Exchange servers and network devices from other vendors
so seems like only Cisco is affected, the attacker targets other vendor devices from the inside only after exploiting Cisco appliance?