Home & Office

Cisco networking gear can be hijacked, warns company

An attacker can swap out the device's firmware with altered, malicious software.
Written by Zack Whittaker, Contributor on
(Image: CNET/CBS Interactive)

Cisco has warned a number of its routers and switches can be hijacked.

The networking giant said in an advisory that it has seen a "limited number" of cases where attackers will replace the device's firmware (known as "ROMMON").

Short for ROM Monitor, it allows the device's operating system to load. It allows administrators to run a number of configuration tasks.

A successful attack would allow a person to take over the device, but an attacker would need administrative or physical access to the device.

It's not clear how the attackers got the valid credentials in order to carry out this attack.

Making matters worse, any attack can "persist through a reboot," said the advisory, making it difficult to fix.

Cisco said "mild damage" could be caused to devices, and gave it a mid-range severity rating.

Cisco isn't calling the attack a "vulnerability" as such, and therefore hasn't been assigned a Common Vulnerabilities and Exposures (CVE) number.

Last year, journalists working with the Edward Snowden cache of leaked documents named Cisco as a target for the National Security Agency. The intelligence agency was intercepting equipment in transit and installing "beacon implants."

Cisco said at the time the operation "undermines confidence in our industry."

How to lock down an insecure wireless network router

Editorial standards