Menu
More than 840,000 Cisco devices are vulnerable to NSA-related exploit

More than 840,000 Cisco devices are vulnerable to NSA-related exploit

The vulnerability could allow hackers to extract potentially sensitive information from devices' memory

More than 840,000 Cisco networking devices from around the world are exposed to a vulnerability that's similar to one exploited by a hacking group believed to be linked to the U.S. National Security Agency.

The vulnerability was announced by Cisco last week and it affects the IOS, IOS XE, and IOS XR software that powers many of its networking devices. The flaw allows hackers to remotely extract the contents of a device's memory, which can lead to the exposure of sensitive information.

The vulnerability stems from how the OS processes IKEv1 (Internet Key Exchange version 1) requests. This key exchange protocol is used for VPNs (Virtual Private Networks) and other features that are popular in enterprise environments.

Cisco discovered the vulnerability internally after analyzing an exploit for Cisco PIX firewalls that was leaked last month by a hacking outfit called Shadow Brokers. The exploit was part of a larger set of attack tools that Shadow Brokers claimed are being used by a cyberespionage group known in the security industry as the Equation, believed to be linked to the NSA.

Because other hackers could find the same flaw by analyzing the exploit leaked by Shadow Brokers, Cisco decided to inform its customers about it through a security advisory, even though the company is still working on developing and releasing patches.

Many of the affected IOS, IOS XE, and IOS XR releases don't yet have fixed versions, but Cisco released detection signatures for intrusion prevention systems that could be used to protect networks from potential attacks.

The Shadowserver Foundation, an organization that tracks cybercrime and assists with botnet takedowns, has started an internet-wide scan to find Cisco devices affected by this vulnerability with the goal of reporting them to their owners.

Its latest scan, which ran for two and a half hours on Wednesday, identified devices with 840,681 distinct IP addresses that responded as vulnerable to the probe.

The U.S. is the country with the largest number of vulnerable devices -- 255,606 -- followed by Russia with 42,281, and the United Kingdom with 42,138. Canada, Germany, Japan, Mexico, France, Australia, and China complete the top 10.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags ciscogovernment

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments