Millions Of Cisco Devices Vulnerable To Attack - InformationWeek


A method for shutting down networking devices circulates on the Internet.

The race is on: Can security managers plug the flaw in the operating system for Cisco Systems switches and routers before hackers take advantage of the vulnerability and crash corporate networks and parts of the Internet? Cisco revealed the operating system problem Wednesday and made available a patch to fix it. But a day later, someone published a method, known as an "exploit," for using the flaw to shut down network traffic flowing through Cisco devices.

That means corporate security and network managers, as well as Internet service providers, need to move quickly to patch their systems before someone uses the exploit to attack their networks. The exploit was posted to the Full Disclosure security mailing list late Thursday. It lets attackers target and potentially shut down individual routers and switches. However, the exploit does not let attackers conduct a widespread, automated distributed denial-of-service attack, which comes from multiple systems toward targeted systems.

But that could change quickly, security experts say. "It's just a matter of writing a script. It's a simple thing to do," says Al Huger, senior director of engineering security response for the security firm Symantec Corp. "It's not a matter of if this will become automated, it's a matter of when." Most Internet security companies have raised their warning levels because the exploit was published. Internet Security Systems Inc. raised its "AlertCon" status to three, with four being the most severe alert level. Symantec has also gone to a level three on a scale of one to four.

There isn't any clear evidence that hackers are using the new exploit, but some abnormal router behavior is being reported, says Shawn Hernan, team leader for vulnerability handling at the federally funded Internet security watch-group CERT Coordination Center. Symantec has seen a small amount of activity around the exploit, Huger says. "It's being used to a small degree. It's being tested."

In the past, hackers generally haven't attacked known flaws in networking gear, Huger says. "This hasn't been the kind of thing used for mass distributed denial-of-service attacks. But all it takes is one person with poor judgment to change that," he says.

The flaw affects versions 11 and 12, up through revision 12.3, of Cisco's Internetworking Operating System. When certain types of Internet Protocol version 4 packets are sent to an unpatched switch or router, the device incorrectly handles the packets and ceases operations. Typically, traffic on the router or switch will be stopped one way for four hours, then, as the device refreshes its tables, traffic heading in the other direction also stops.

Detailed information on the Cisco flaw is available here.

Security experts are very concerned about this because Cisco devices make up about 80% of the switches and routers used to handle Internet traffic, meaning there are millions of potentially vulnerable devices that need to be patched.

"Patching an IOS flaw is no walk in the park," Huger says. "It's something people are loath to do because patching these devices can often cause other problems. But this is one that can't be put off. You have to get to this."

CERT's advisory on the exploit posted Friday can be found here.
