Metasploit is going after Cisco’s networking equipment in its latest update. But it’s not exploring new flaws — rather, the security testing framework is going after two vulnerabilities in Cisco’s gear that have been known for more than a decade.
Metasploit Chief Architect HD Moore explained that Rapid7, where he serves as chief security officer, has recently brought its Cisco target network online, and was greeted by a barrage of submissions from the community relating specifically to the networking giant.
“This gave us an opportunity to leverage the results from some background research projects into a suite of new functionality, then tie these features together into a cohesive auditing workflow within the commercial Metasploit products,” Moore said.
The Metasploit security vulnerability testing framework is getting an update this week with the Metasploit 3.5.1 release, which includes new capabilities that take aim at networking gear from Cisco.
Metasploit provides a framework with which security researchers can test and enumerate the security posture of their networks. The addition of specific features that target Cisco (NASDAQ: CSCO) equipment isn’t directly related to any specific, newly discovered exploits in Cisco technology.