Over the past few months, not one, not two, but five different backdoors joined the list of security flaws in Cisco routers.
Way back in 2004, Cisco wrote an IETF proposal for a “lawful intercept” backdoor for routers, which law enforcement could use to remotely log in to routers. Years later, in 2010, an IBM security researcher showed how this protocol could be abused by malicious attackers to take over Cisco IOS routers, which are typically sold to ISPs and other large enterprises.
Attackers could exploit these backdoors without leaving any audit trail. That is by design: the lawful intercept protocol was built so that ISP employees can’t tell when a law enforcement agent logs in to the ISP’s routers (even though law enforcement is supposed to obtain this access with a court order or other legal access request).
Furthermore, ISP employees could themselves abuse the protocol, because nobody else working for the ISP would be able to tell when someone had gained access to the routers via Cisco’s Architecture for Lawful Intercept.
The first of these flaws, and probably the easiest to exploit, is CVE-2018-0222. Cisco describes this as “undocumented, static user credentials for the default administrative account,” which is just a longer way of spelling “backdoor account.”