security

Cisco reveals critical security vulnerabilities in range of network … – Tech Monitor


Cisco has uncovered nine security flaws in its network switches, which could enable criminals to run arbitrary code and access corporate networks. Updates to the software have been released by the company.

Cisco reveals nine vulnerabilities that need to be patched immediately. (Photo by Ken Wolter/Shutterstock)

Four of the nine vulnerabilities have been given a CVSS score of 9.8, identifying them as critical problems.

Cisco reveals nine vulnerabilities

Cisco has released an advisory detailing nine vulnerabilities and their respective updates. The flaws impact its Small Business series of network switches, which are used to help different pieces of hardware communicate with each other.

The vulnerabilities are caused by improper validation of requests that are sent to the switch’s web interface, explains the advisory.

The quartet of critical vulnerabilities are particularly problematic, as a successful attacker could allow the hacker to execute arbitrary code with root privileges on an affected device. They could allow an attacker to download sensitive files, steal data or reconfigure the system in order to open up access.

All of the exploits if abused could put the affected device into a denial-of-service condition, rendering it inaccessible or unusable. This means a cybercriminal could use one of the vulnerabilities to hack into a switch and use it as a drone in a distributed denial-of-service attack (DDoS) attack. DDoS attacks have enjoyed a surge in popularity over recent months, being commonly used by hacktivists in the Russia-Ukraine war.

Unpatched networking gear exploited by hackers

The vulnerabilities are not dependent on one another either, which makes them easier to take advantage of. “Exploitation of one of the vulnerabilities is not required to exploit another vulnerability,” the advisory says. “In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.”

Readers Also Like:  Panel examines Israel-Hamas conflict | MIT News | Massachusetts ... - MIT News

The list of vulnerabilities and their requisite updates can be found here.

Content from our partners
Why F&B manufacturers must find ever-greater levels of flexibility

Digital solutions hold the key for government departments under pressure to drive greater efficiencies 

Why HR must embrace new tools to serve a fast-changing workforce

Cisco networking gear is widely deployed across corporate network, meaning vulnerabilities can be highly damaging. In April, the UK’s National Cyber Security Centre (NCSC) released a warning that APT28, a well known Russian government sponsored cybercrime gang also known as Fancy Bear, was deploying malware onto poorly maintained, unpatched Cisco routers, exploiting a flaw first discovered in 2017.

“APT28 has been known to access vulnerable routers by using default and weak SNMP community strings,” the NCSC said.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.