Has someone in Asia exploited Cisco

After doing some logfile analysis briefly yesterday, I noticed what seems
to be some form of bot, worm, something, searching for what could seems to
point to a Cisco exploitation of sorts. (http://tinyurl.com/df9d8)

All the hosts who've tried searching for the string are coming from APNIC.
So I'm wondering... Has someone taken Michael Lynn's paper "Holy Grail"
and produced a "DaVinci Code" to exploit the flaws Lynn spoke of...

Code snippet below is of "cisco_scanner.c" which searches for the same
particular /level/16/exec/-///pwd string however the code can be modified
(obviously) and a search turns up less than one page of results on Google.
Author's page seems to be gone like the wind... Anyhow.

# grep "/level/16/exec/-///" access_log |awk '{print $1,"\t\t"$7}' /level/16/exec/-///pwd /level/16/exec/-///pwd /level/16/exec/-///pwd /level/16/exec/-///pwd /level/16/exec/-///pwd /level/16/exec/-///pwd /level/16/exec/-///pwd /level/16/exec/-///pwd /level/16/exec/-///pwd /level/16/exec/-///pwd

whois.apnic.net $ABOVE_HOSTS

Code snippet...

        Multi-thread Cisco HTTP vulnerable scanner v0.2
    by Inode

#define HTTP_REQUEST "GET /level/16/exec/-///pwd HTTP/1.0\n\n"

So now I have yet another mod_security rule added :wink:

SecFilterSelective THE_REQUEST "/level/16" "redirect:http://www.cisco.com"