Three months after the scandal at the Black Hat conference, Cisco finally confirmed the existence of some serious vulnerabilities that Michael Lynn warned about when he demonstrated the ability to hack into Cisco routers back in July. While the specifics were never made clear during the Black Hat conference, it was thought that Cisco had already fixed the issues with their IPv6 patch, but now it's clear that the problems affecting Cisco IOS were much deeper. In response, Cisco issued this advisory warning all Cisco customers to upgrade their routers with the latest IOS.
What this means is that everyone needs to upgrade each and every Cisco router they own, including some of their Cisco switches that have routing capability. The good news is that there are no publicly available exploits for this vulnerability yet (which doesn't prove that none exist) and that Cisco has provided customers who have Smartnet contracts with a complete set of upgraded IOS images for every affected device. Customers who don't have Smartnet contracts can obtain a free fix by calling the Cisco Technical Assistance Center, and they can get the phone numbers here.
The bad news is that a lot of smaller shops that don't have professional network engineers on staff have no idea how to upgrade their Cisco IOS devices. While network professionals may be used to the complexity, mere mortals are overwhelmed by a massive matrix of IOS trains and feature sets. There isn't a simple "upgrade" command on the routers that will automatically download and apply a patch, let alone an auto-update feature. Cisco isn't alone in this regard, and this is the norm among network device companies, but the end result is that most end users never patch their routers and switches and just assume they never need patching. This probably won't change until a conventional PC worm makes the jump to attack IOS vulnerabilities and causes massive damage. This may or may not happen, because the ability to root a Cisco router is too valuable to waste on an annoying worm, but a new era of router hacking is upon us and few are ready for it.