Zach Varnell, Senior AppSec Consultant at nVisium, a Falls Church, Virginia-based application security provider, explains, “These are very popular Cisco devices, and it’s extremely common for said devices to rarely — or never — receive updates. Users tend to want to leave well enough alone and not touch a device that’s been working well — including when it needs important updates. Many times, users also take advantage of plug-and-play functionality, so they do very little or zero configuration changes, leaving the device at its default status and ultimately vulnerable.”

Read the entire article here!