Menu
More than 840,000 Cisco devices are vulnerable to NSA-related exploit

More than 840,000 Cisco devices are vulnerable to NSA-related exploit

The vulnerability could allow hackers to extract potentially sensitive information from devices' memory

More than 840,000 Cisco networking devices from around the world are exposed to a vulnerability that's similar to one exploited by a hacking group believed to be linked to the U.S. National Security Agency.

The vulnerability was announced by Cisco last week and it affects the IOS, IOS XE, and IOS XR software that powers many of its networking devices. The flaw allows hackers to remotely extract the contents of a device's memory, which can lead to the exposure of sensitive information.

The vulnerability stems from how the OS processes IKEv1 (Internet Key Exchange version 1) requests. This key exchange protocol is used for VPNs (Virtual Private Networks) and other features that are popular in enterprise environments.

Cisco discovered the vulnerability internally after analyzing an exploit for Cisco PIX firewalls that was leaked last month by a hacking outfit called Shadow Brokers. The exploit was part of a larger set of attack tools that Shadow Brokers claimed are being used by a cyberespionage group known in the security industry as the Equation, believed to be linked to the NSA.

Because other hackers could find the same flaw by analyzing the exploit leaked by Shadow Brokers, Cisco decided to inform its customers about it through a security advisory, even though the company is still working on developing and releasing patches.

Many of the affected IOS, IOS XE, and IOS XR releases don't yet have fixed versions, but Cisco released detection signatures for intrusion prevention systems that could be used to protect networks from potential attacks.

The Shadowserver Foundation, an organization that tracks cybercrime and assists with botnet takedowns, has started an internet-wide scan to find Cisco devices affected by this vulnerability with the goal of reporting them to their owners.

Its latest scan, which ran for two and a half hours on Wednesday, identified devices with 840,681 distinct IP addresses that responded as vulnerable to the probe.

The U.S. is the country with the largest number of vulnerable devices -- 255,606 -- followed by Russia with 42,281, and the United Kingdom with 42,138. Canada, Germany, Japan, Mexico, France, Australia, and China complete the top 10.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags ciscogovernment

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments