Millions of devices affected by Cisco Software vulnerabilities

12/04/2018

Millions of devices affected by Cisco Software vulnerabilities

On 7 April Reuters reported that unknown hackers attacked networks in several countries, including data centres in Iran. After the attack, the hackers reportedly left an image of a US flag on the screens of affected computers with the warning ‘Don’t mess with our elections’. The attackers allegedly exploited a vulnerability in Cisco switches that involves the misuse of the Smart Install protocol. According to a statement published by the Iranian Communication and Information Technology Ministry, the attack targeted internet providers and cut off web access for subscribers.

This was not the first time Cisco devices, their software, and their vulnerabilities have been in the news in recent days. On 28 March Cisco published a security advisory warning its customers of another vulnerability in the same Smart Install feature of Cisco IOS Software and Cisco IOS XE Software. If exploited, the vulnerability could allow attackers to trigger a reload of the device, to execute arbitrary code on the device or to cause an indefinite loop that results in a denial of service (DoS) condition. According to cyber security researchers at Embedi, the vulnerability potentially affects over eight million devices.

VULNERABLE SWITCHES LEAVE NETWORKS EXPOSED

The critical vulnerability affects Cisco switches running a vulnerable release of the Cisco IOS or IOS XE Software and an enabled Smart Install client feature. A switch is a networking device that connects computers in a network and passes data from one connected device to another. The Smart Install feature is a so-called ‘plug-and-play’ configuration that allows a client to place a new switch in an existing network with no configuration required on the new device. Hackers can use the vulnerability in the Smart Install client feature to access areas in the switch’s software known to hold executable code and replace it with their own malicious code. The Smart Install feature is generally enabled by default, and network administrators can easily oversee this security gap.

ADVICE TO NETWORK ADMINISTRATORS

Cyber security researchers have only recently disclosed this vulnerability of the Cisco switches with the Smart Install client feature that can give hackers access to vulnerable network equipment. Even though Cisco has been aware of this vulnerability since May 2017, the company only recently published a patch with a software update which addresses the issue. Organisations and their network administrators need to plan for such instances in order to be prepared for the surfacing of new and unknown vulnerabilities. Policies and procedures need to be put in place before an incidents occurs for the organisation to be able to mitigate potential damage.

Software vulnerabilities such as the Cisco Smart Install client feature can pose a significant cyber security threat to businesses, their IT infrastructure, and information assets. Attackers can exploit vulnerabilities to disrupt business operations, to introduce ransomware to a network or to steal and later leak sensitive data. In order to proactively tackle cyber security issues connected to unknown vulnerabilities, network administrators are advised to ensure their software is always up-to-date and their devices undergo regular vulnerability scans. Additionally, penetration testing of an organisation’s IT systems and networks can detect and assess the extent of vulnerabilities. NYA’s Cyber Risk Management services can help you understand how to mitigate, avoid, accept or transfer the risks connected to software vulnerabilities. For a discrete conversation about how NYA can help you protect your assets, monitor threats, and build resilience to incidents, contact us today.