2020-02-05

Office phones and routers have a long, legendary history of very serious vulnerabilities. Now it’s time to add to the list: researchers say that a set of newly discovered bugs in Cisco enterprise products, such as desk phones, web cameras and network switches, can be exploited to penetrate deep into corporate networks. Because Cisco dominates the market for network equipment, the bugs affect millions of devices.

All software has defects, but flaws in embedded devices matter especially, given the potential for espionage and the inherent complexity of patching them. These particular vulnerabilities, found by the enterprise security company Armis, can also break through the “segmentation” that IT managers use to isolate different parts of a network, such as a guest wifi, and cause widespread problems. Attackers can target a vulnerable Cisco network switch, which moves data around an internal network, to intercept large amounts of unencrypted internal information and move between different parts of a target’s systems. Attackers can use related bugs, also disclosed by Armis, to attack batches of Cisco devices at once, such as all desk phones or webcams, to shut them down or turn them into eyes and ears inside a target organization.

“Network segmentation is an important way to secure IoT devices,” said Ben Seri, research vice president at Armis. “But sometimes we can make holes. And we know that corporate devices are the target worldwide. If they have this kind of vulnerability, it can unfortunately be very powerful for a group like an APT.”

The flaws lie in implementations of a mechanism known as the Cisco Discovery Protocol, which lets Cisco products announce their identities to each other within a private network. CDP is part of “Layer 2” of a network, the layer that establishes the fundamental data link between network devices. All devices use some kind of identity-broadcasting mechanism, but CDP is Cisco’s own version.
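The identity announcement described above, as an added example that is not code from the article, Armis or Cisco: a small parser for a constructed CDP payload (the version/TTL header followed by Device ID, Port ID and Platform TLVs) of the kind a defender could run over captured frames to inventory which devices are advertising themselves, written so that it rejects malformed TLV lengths instead of trusting them. The device names and frame contents are constructed; the standard CDP TLV layout (2-byte type, 2-byte length that includes the 4-byte header, then the value) is assumed.

```python
import struct

# Well-known CDP TLV types carrying printable strings
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id",
             0x0005: "software_version", 0x0006: "platform"}


def _tlv(tlv_type, value):
    """Build one TLV; the length field counts the 4-byte header too."""
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


# Constructed sample payload (the bytes after the LLC/SNAP header):
# version 2, TTL 180 s, checksum left as a placeholder, then three TLVs.
SAMPLE_CDP = (
    bytes([0x02, 0xB4]) + b"\x00\x00"
    + _tlv(0x0001, b"sw-core-01")                # Device ID (constructed)
    + _tlv(0x0003, b"GigabitEthernet1/0/1")      # Port ID (constructed)
    + _tlv(0x0006, b"cisco EXAMPLE-SWITCH")      # Platform (constructed)
)
# Two constructed malformed payloads: a length smaller than the header,
# and a length that runs past the end of the frame.
BAD_CDP = SAMPLE_CDP[:4] + struct.pack("!HH", 0x0001, 2) + b"x"
OVERRUN_CDP = SAMPLE_CDP[:4] + struct.pack("!HH", 0x0001, 40) + b"short"


def parse_cdp(payload):
    """Return version, TTL and the string TLVs; raise on malformed input."""
    if len(payload) < 4:
        raise ValueError("CDP header truncated")
    fields = {"version": payload[0], "ttl": payload[1]}
    off = 4
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("TLV header truncated at offset %d" % off)
        tlv_type, length = struct.unpack_from("!HH", payload, off)
        # The length comes from the wire: never index with it unchecked
        if length < 4 or off + length > len(payload):
            raise ValueError("bad TLV length %d for type 0x%04x" % (length, tlv_type))
        value = payload[off + 4:off + length]
        if tlv_type in TLV_NAMES:
            fields[TLV_NAMES[tlv_type]] = value.decode("ascii", "replace")
        off += length
    return fields


def cdp_is_well_formed(payload):
    """True when every TLV length is consistent with the frame size."""
    try:
        parse_cdp(payload)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_cdp(SAMPLE_CDP))
    print(cdp_is_well_formed(BAD_CDP), cdp_is_well_formed(OVERRUN_CDP))
```

Fed a pcap's CDP payloads, the parsed device_id/platform pairs give a quick inventory of which devices on a segment are announcing themselves, and any frame the parser rejects is worth a closer look.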

Having all Cisco products use CDP has a number of logistical advantages, but Seri points out that it is also an easy way for attackers to find Cisco products once they are on a network. And since all Cisco products use CDP, one vulnerability can be used to target multiple devices automatically and simultaneously, or to take over crucial devices such as network switches and move laterally from them. Any Layer 2 protocol can contain bugs; vulnerabilities in CDP simply provide a particularly efficient route to attacking ubiquitous Cisco products.

Armis disclosed its findings to Cisco at the end of August, and today the networking giant is releasing patches for all five vulnerabilities. There are several because Cisco implements CDP in slightly different ways depending on the product; Armis found related bugs during the disclosure process and worked with Cisco to fix them all.

“On February 5, we announced vulnerabilities in the Cisco Discovery Protocol implementation of various Cisco products, along with information about software fixes and limitations, if available,” a Cisco spokesperson said in a statement. “We are not aware of any malicious use of the vulnerabilities described.”

To exploit the bugs, attackers would first have to gain a foothold in a target’s network, but from there they could quickly fan out, putting one vulnerable Cisco device after another at risk and penetrating deeper into a system. And once attackers controlled a switch or router, they could intercept unencrypted network data, such as files and some communications, or gain access to a company’s Active Directory, which manages authentication for users and devices.

“It is still hop by hop. As a hacker, you still need an initial attack vector into the network,” says Ang Cui, founder of the IoT security company Red Balloon, who has disclosed countless Cisco bugs. “Once you have the same vulnerability with every hop, all switches, firewalls and routers in a network can be affected by this. So you will have to own many devices, but once you own them all, you have literally taken over every part of the network.”