Cisco Devices Left Vulnerable After Bugs are Discovered

Exploiting these bugs would require a threat actor to obtain admin-level access on the local device. However, because many deployments likely never change the default device passwords, threat actors may not have much difficulty obtaining those admin credentials.

Researchers at Trellix have advised those using the Cisco products to check for any abnormal containers installed on relevant Cisco devices, and recommended that organizations that don’t run containers disable the IOx container framework entirely. Most important of all, they emphasized, was that “organizations with affected devices should update to the latest firmware immediately.” Patching devices and changing default admin passwords are highly recommended.

https://www.darkreading.com/ics-ot/command-injection-bug-cisco-industrial-gear-devices-complete-takeover