Big Security Bug Affects Hundreds Of Thousands Of Cisco Devices
Hackers can use leaked NSA tools to do their dirty work.
Hackers using NSA-related hacking tools could exploit a major cyber security vulnerability impacting hundreds of thousands of Cisco switches, routers, and other networking gear.
The vulnerability, disclosed by Cisco CSCO -1.01% last week, has impacted at least 859,000 devices, according to Shadowserver Foundation, an independent cyber security group and Cisco partner that has been scanning Cisco routers and switchers worldwide.
Of those devices affected, 259,000 are located in the U.S., 44,000 are in Russia, and another 43,000 are in the U.K. Cisco said Shadowserver would share data with owners of the affected devices and related IP addresses. If customers want detailed reports, they “can contact Shadowserver and get their section of the scan results,” said a Cisco spokesperson.
Hackers who exploit the vulnerability—which affects Cisco’s popular IOS networking operating system—would be able to get access to data in the device’s memory, “which could lead to the disclosure of confidential information,” Cisco said. Cisco says itsnetworking software is the “world’s most widely deployed.”
The Cisco security post said that some Cisco customers have been compromised by the security bug, but did not say which customers or the severity of the attacks.
It said that it was alerted to the security vulnerability on August 15, but it did not say who brought the information to the company’s attention. In the post about the vulnerability, Cisco said a hacking group called “the Shadow Brokers” had posted details online of how to exploit an older Cisco product.
In mid-August, the Shadow Brokers claimed responsibility for posting online a collection of tools and exploits created by another organization, “the Equation Group,” which many analysts have linked to the NSA.
The leaked materials included documentation about how to crack into data center gear built by companies like Cisco, Juniper Networks JNPR -0.29% , Fortinet, and a Chinese networking company Topsec. The Shadow Brokers said at the time that it would auction the exploits to the highest bidder.
Cisco then investigated and learned that other products, like its popular networking software, could be affected by the same exploit. The networking software works with several of Cisco switches and routers.
Cisco said there is no way to fix the problem until it creates a patch, which it said will be available in the coming days. However, it said that companies can take some “countermeasures” in the meantime.
The company advises information technology administrators to use network-monitoring tools to scan their networks for strange activity that could tip them off of possible hacking attempts. Cisco also posted a technical guide for network admins to follow that will help them determine if their devices arevulnerable as well as an incident report page.
A Cisco spokesperson said the company is unable to “speculate about who may try to exploit this vulnerability or why they would do so.”
Source | fortune