UPDATED 15:19 EDT / FEBRUARY 05 2020

SECURITY

‘Virtually all’ Cisco devices vulnerable to critical new CDPwn exploits

Cybersecurity provider Armis Security Inc. has discovered critical vulnerabilities in a Cisco Systems Inc. networking protocol that could enable hackers to target tens of millions of enterprise devices worldwide, from data center switches to conference phones.

The flaws were disclosed today just as Cisco started releasing fixes for its devices. But it may take some time before enterprises are fully protected, since many of the vulnerable systems don’t have an automatic patching mechanism and need to be updated manually.

The flaws, collectively dubbed CDPwn by Armis, lurk in a piece of software called the Cisco Discovery Protocol. It’s a technology that, according to Armis, ships with “virtually” all Cisco hardware and is used by administrators to identify devices on the corporate network. The newly disclosed flaws enable hackers to exploit the protocol in order to hijack those very same Cisco devices.

“Four of the five vulnerabilities are remote code execution (RCE) vulnerabilities while one is a Denial of Service (DoS) vulnerability,” Armis researchers detailed in a report today. And all five follow the same basic pattern when it comes to the method of exploitation.

Corporate networks are typically divided into segments that are isolated from one another to keep important hardware secure. A common practice is to attach company-owned devices such as workstations to one segment and less secure devices, for instance employee-owned phones, to another. In a network vulnerable to CDPwn, a hacker would need to gain control of just one insecure employee phone or other poorly configured device to launch attacks.

The exploit involves sending a malicious packet over the Cisco Discovery Protocol to the target device. One scenario Armis warns of is an attack in which hackers breach the switch that controls a network in order to gain full access to data traffic and jump between segments.

“The switch is in a prime position to eavesdrop on network traffic that traverses through the switch, and it can even be used to launch man-in-the-middle attacks on the traffic of devices that traverses through the switch,” Armis’ researchers wrote. “Additionally, a switch is the ultimate hiding position for an attacker — it is a relatively unsecured device, that doesn’t allow any security agent on it.”

On top of backend network devices, Cisco IP phones and surveillance cameras are vulnerable as well, which means that a hacker could potentially exploit CDPwn to spy on sensitive conversations.  

“Unlike switches, these devices hold sensitive data directly, and the reason to take them over can be a goal of an attacker, and not merely a way to break out of segmentation,” the researchers explained.

Other affected products include Cisco firewall appliances and routers. The exact number of devices deployed in the field that are vulnerable might be difficult to assess, but on the positive side, the networking giant said that it has not yet detected any attempts to exploit the flaws. “We are not aware of any malicious use of the described vulnerabilities,” a company spokesperson said.

Photo: Cisco
