Critical vulnerabilities expose Cisco equipment to hijacking attacks


Cisco has revealed it uncovered, and fixed, two "high-severity" flaws in its Catalyst PON Series Switches Optical Network Terminals which could have allowed for unauthorized root access to devices.

As reported by The Register, the two vulnerabilities are labeled CVE-2021-34795 and CVE-2021-40113, with the former described as an "unintentional debugging credential" or, as it seems, a backdoor left by the developers for debugging.

Anyone who knows the hidden credentials can get root access to the passive optical network switches, but only if the device has Telnet support enabled, which is usually off by default.

The latter threat revolves around insufficient validation of user-supplied input. As per the report, an unauthenticated malicious actor can conduct a command injection attack on the gear's web-based management portal.

Patch available

"An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface," Cisco says. "A successful exploit could allow the attacker to execute arbitrary commands on an affected device as the root user."

The devices need to have Remote Web Management enabled for the attack to work. Otherwise, the malicious actors need to reach the management portal via LAN.

The Catalyst PON Switch CGP-ONT-1P, CGP-ONT-4P, CGP-ONT-4PV, CGP-ONT-4PVC, and CGP-ONT-4TVCW are reportedly all affected. Users should make sure to update the devices as soon as possible.

The Register also said Cisco found a high-severity flaw (rated 8.6 out of 10) in its Policy Suite product. Labeled CVE-2021-40112, it allows an unauthenticated remote attacker to modify the same switches' configuration.

"A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user," the company said. To fix this, users should update the software and install fresh SSH keys.
