Login

Register

Login

Register

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras


hacking cisco networking devices

Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power.

Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones.

Collectively dubbed ‘CDPwn,’ the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol (CDP) that comes enabled by default on virtually all Cisco devices and can not be turned OFF.

Cisco Discovery Protocol (CDP) is an administrative protocol that works at Layer 2 of the Internet Protocol (IP) stack. The protocol has been designed to let devices discover information about other locally attached Cisco equipment in the same network.

According to a report Armis research team shared with The Hacker News, the underlying CDP implementations contain buffer overflow and format string vulnerabilities that could let remote attackers on the same network execute arbitrary code on the vulnerable devices by sending malicious unauthenticated CDP packets.

The list of CDPwn Cisco vulnerabilities affecting tens of millions of devices widely deployed in enterprise networks is as follow:

  • Cisco NX-OS Stack Overflow in the Power Request TLV (CVE-2020-3119)
  • Cisco IOS XR Format String vulnerability in multiple TLVs (CVE-2020-3118)
  • Cisco IP Phones Stack Overflow in PortID TLV (CVE-2020-3111)
  • Cisco IP Cameras Heap Overflow in DeviceID TLV (CVE-2020-3110)
  • Cisco FXOS, IOS XR, and NX-OS Resource Exhaustion in the Addresses TLV (CVE-2020-3120)

To be noted, since CDP is a Data Link layer 2 protocol that can’t cross the boundaries of a local area network, an attacker first needs to be on the same network to leverage CDPwn vulnerabilities.

However, after gaining an initial foothold in a targeted network using separate vulnerabilities, attackers can exploit CDPwn against network switches to break network segmentation and move laterally across the corporate networks to other sensitive systems and data.

“Gaining control over the switch is useful in other ways. For example, the switch is in a prime position to eavesdrop on network traffic that traverses through the switch, and it can even be used to launch man-in-the-middle attacks on the traffic of devices that traverses through the switch,” the researchers said.

“An attacker can look to move laterally across segments and gain access to valuable devices like IP phones or cameras. Unlike switches, these devices hold sensitive data directly, and the reason to take them over can be a goal of an attacker, and not merely a way to break out of segmentation.”

Additionally, CDPwn flaws also allow attackers to:

  • Eavesdrop on voice and video data/calls and video feed from IP phones and cameras, capture sensitive conversations or images.
  • Exfiltrate sensitive corporate data flowing through the corporate network’s switches and routers.
  • Compromise additional devices by leveraging man-in-the-middle attacks to intercept and alter traffic on the corporate switch.

Besides releasing a detailed technical report on the issues, the Armis research team has also shared videos of explanation and demonstration of the flaws, as embedded above.

Cisco Routers, Switches, IP Phones and Cameras

After closely working with Armis researchers over the last few months to develop security patches, Cisco today released software updates for all of its affected products.

Though Cisco has also provided some mitigation information, affected administrators are still highly recommended to install the latest software updates to completely protect their valuable networks against malware and emerging online threats.





The Original Source Of This Story: Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW