Skip to main content

Critical Cisco vulnerabilities put millions of network devices at risk

(Image credit: Pixabay)

Five different critical vulnerabilities, collectively known as CPDwn, have been discovered in Cisco’s Discovery Protocol, potentially putting tens of millions of enterprise network devices such as desk phones, cameras, and network switches, at risk.

Cisco Discovery Protocol (CDP) is a level 2 protocol that is used to discover information about Cisco equipment that are directly connected nearby.

According to researchers, this flaw could allow hackers to control the products deep within the network without any human intervention. This could be done remotely by just sending a malicious CDP packet to the target device.

Flaws identified

Research firm Armis that identified the flaw stated that attackers can cause widespread issues by targeting a network switch that allows the flow of a large amount of un-encrypted internal corporate data. The webcams or desk phones can be shut down remotely or can be used as tools to spy within the organization.

“Network segmentation is a key way to secure IoT devices,” says Ben Seri, vice president of research at Armis. “But sometimes we can poke holes. And we know that enterprise devices are being targeted in the world. If they have this type of vulnerability, unfortunately, that can be very powerful for a group like an APT.”

Though Armis had disclosed these findings to Cisco in the month of August last year, the networking company is only just releasing patches to fix all these five vulnerabilities now. The company announced, "On February 5, we disclosed vulnerabilities in the Cisco Discovery Protocol implementation of several Cisco products along with software fix information and mitigation, where available." Cisco has also confirmed that there has been no report of any malicious use of this vulnerability.

According to Ang Cui, founder of Red Balloon an IoT security firm, Hackers still need to penetrate the network first. Though once done, vulnerabilities present in each network device can be the exploited impacting almost any Cisco device connected to the network.

Via Wired