Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models. The company identified this highest level of vulnerability in its product while analyzing "Vault 7", a set of roughly 8,761 documents and files leaked by Wikileaks last week.
The vulnerability resides in the CMP processing code in Cisco IOS and Cisco IOS XE Software. If exploited, the flaw could allow an unauthenticated, remote attacker to cause a reboot of an affected device or remotely execute malicious code on the device with elevated privileges to take full control of the device.
Users of Cisco's Professional Careers mobile site, mjobs.cisco.com, have been warned of a potential leak of their data, which the networking giant is pinning on an incorrect security setting.
"Cisco's investigation found this to be the result of an incorrect security setting following system maintenance on a third-party's website," the company said in its advisory. "Upon learning this, the setting was immediately corrected and user passwords to the site were reset." The setting was found to be in place between August and September 2015, and July and August 2016, the company said.
Cisco released several critical software patches this week for its Nexus 7000-series switches and its NX-OS software. The vulnerabilities can allow remote access to systems, enabling a hacker to execute code or commands on targeted devices.
Both the Nexus 7000 and 7700 series switches are susceptible to overlay transport virtualization buffer overflow flaws. This bug is due to incomplete input validation performed on the size of overlay transport virtualization packet header parameters. Exploiting this vulnerability can result in a buffer overflow and open the door for an attacker to execute arbitrary code and obtain full control of the system.
Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA's hacking exploits and implants leaked by the group calling itself "The Shadow Brokers."
Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA's Equation Group, which were designed to target major vendors including Cisco, Juniper, and Fortinet. Cisco analyzed the exploit and noted that it had not identified any new flaws related to this exploit in its current products.
Technology vendor Cisco is pushing out security updates to customers to address a critical vulnerability found in its recently introduced line of FirePower firewall products. The vulnerability, according to Cisco, allows attackers to slip malware onto critical systems without detection.
The flaw also impacts Snort, an open source network-based intrusion detection system also owned by Cisco. Cisco alerted customers to the vulnerability last week, classifying it as “high severity”. Impacted Cisco hardware includes several Firepower firewall appliances and its Next Generation Intrusion Prevention System for both Blue Coat and VMware security services.
A Cisco VPN product has been targeted by malicious actors looking to steal sensitive credentials and maintain access to compromised networks, according to incident response and threat intelligence company Volexity.
The security firm says it has spotted attacks against several organizations via the Cisco Clientless SSL VPN, a product that allows Cisco Adaptive Security Appliance customers to securely gain access to the corporate network via a web-based portal. Users can be allowed to access internal files and web resources using the VPN solution so it’s important to ensure that it’s properly protected against hacker attacks.
Mandiant has been involved in research related to cyber defense. In its recent findings, a backdoor malware was identified that compromises Cisco routers, with features such as having a lasting effect.
The malicious program is implanted in the router illicitly through the device’s firmware. The goal is achieved by modifying the router's firmware image, which persists even after the device reboots. Vulnerabilities in Belkin routers leading to privilege escalation and attacks such as man-in-the-middle were also reported. This is considered a clear example of routers being compromised on a large scale.
Installing rogue firmware on embedded devices has long been a concern for security researchers, and it seems that such attacks have started to gain ground with hackers.
Cisco Systems warned customers that it is aware of a limited number of cases where attackers have replaced the boot firmware on devices running its IOS operating system. IOS runs on most Cisco routers and switches and provides a complex set of networking tools and features. Attackers used valid administrative credentials in order to replace the ROMMON image on IOS devices. For attackers, the benefit of installing a malicious image on a device is that it makes compromises persistent.
Cisco’s chief executive has written to President Barack Obama warning of a collapse of trust in US technology after evidence emerged showing the National Security Agency breaking into his company’s equipment.
In a letter John Chambers called for “standards of conduct” to rein in government surveillance so that national security objectives do not interfere with the US’s leading position in the global technology market. The letter was dated the day after pictures circulated on the internet showing NSA staff opening boxes of Cisco gear so that the US security agency can monitor internet traffic after the equipment has been shipped to customers. Mr Chambers complained that the NSA actions would undermine confidence among customers of US technology firms.