Thursday, March 4, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras

February 6, 2020
in Internet Privacy
5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power.

Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones.

You might also like

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

Collectively dubbed ‘CDPwn,’ the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol (CDP) that comes enabled by default on virtually all Cisco devices and can not be turned OFF.

Cisco Discovery Protocol (CDP) is an administrative protocol that works at Layer 2 of the Internet Protocol (IP) stack. The protocol has been designed to let devices discover information about other locally attached Cisco equipment in the same network.

According to a report Armis research team shared with The Hacker News, the underlying CDP implementations contain buffer overflow and format string vulnerabilities that could let remote attackers on the same network execute arbitrary code on the vulnerable devices by sending malicious unauthenticated CDP packets.

The list of CDPwn Cisco vulnerabilities affecting tens of millions of devices widely deployed in enterprise networks is as follow:

  • Cisco NX-OS Stack Overflow in the Power Request TLV (CVE-2020-3119)
  • Cisco IOS XR Format String vulnerability in multiple TLVs (CVE-2020-3118)
  • Cisco IP Phones Stack Overflow in PortID TLV (CVE-2020-3111)
  • Cisco IP Cameras Heap Overflow in DeviceID TLV (CVE-2020-3110)
  • Cisco FXOS, IOS XR, and NX-OS Resource Exhaustion in the Addresses TLV (CVE-2020-3120)

To be noted, since CDP is a Data Link layer 2 protocol that can’t cross the boundaries of a local area network, an attacker first needs to be on the same network to leverage CDPwn vulnerabilities.

However, after gaining an initial foothold in a targeted network using separate vulnerabilities, attackers can exploit CDPwn against network switches to break network segmentation and move laterally across the corporate networks to other sensitive systems and data.

“Gaining control over the switch is useful in other ways. For example, the switch is in a prime position to eavesdrop on network traffic that traverses through the switch, and it can even be used to launch man-in-the-middle attacks on the traffic of devices that traverses through the switch,” the researchers said.

“An attacker can look to move laterally across segments and gain access to valuable devices like IP phones or cameras. Unlike switches, these devices hold sensitive data directly, and the reason to take them over can be a goal of an attacker, and not merely a way to break out of segmentation.”

Additionally, CDPwn flaws also allow attackers to:

  • Eavesdrop on voice and video data/calls and video feed from IP phones and cameras, capture sensitive conversations or images.
  • Exfiltrate sensitive corporate data flowing through the corporate network’s switches and routers.
  • Compromise additional devices by leveraging man-in-the-middle attacks to intercept and alter traffic on the corporate switch.

Besides releasing a detailed technical report on the issues, the Armis research team has also shared videos of explanation and demonstration of the flaws, as embedded above.

Cisco Routers, Switches, IP Phones and Cameras

After closely working with Armis researchers over the last few months to develop security patches, Cisco today released software updates for all of its affected products.

Though Cisco has also provided some mitigation information, affected administrators are still highly recommended to install the latest software updates to completely protect their valuable networks against malware and emerging online threats.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)

Previous Post

Artnome Wants to Predict the Price of a Masterpiece. The Problem? There’s Only One.

Next Post

Bug hunter finds cryptocurrency-mining botnet on DOD network

Related Posts

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
Internet Privacy

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

March 4, 2021
New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!
Internet Privacy

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

March 3, 2021
URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange
Internet Privacy

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

March 3, 2021
Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware
Internet Privacy

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

March 3, 2021
New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0
Internet Privacy

New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0

March 2, 2021
Next Post
Bug hunter finds cryptocurrency-mining botnet on DOD network

Bug hunter finds cryptocurrency-mining botnet on DOD network

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

13 challenges creating an open, scalable, and secure serverless platform – IBM Developer
Technology Companies

13 challenges creating an open, scalable, and secure serverless platform – IBM Developer

March 4, 2021
Ursnif Trojan has targeted over 100 Italian banks
Internet Security

Ursnif Trojan has targeted over 100 Italian banks

March 4, 2021
Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
Internet Privacy

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

March 4, 2021
Streamlining data science with open source: Data version control and continuous machine learning
Big Data

Streamlining data science with open source: Data version control and continuous machine learning

March 4, 2021
Companion Raises $8M Seed Round to Use Machine Learning and Computer Vision to Talk to Dogs
Machine Learning

Companion Raises $8M Seed Round to Use Machine Learning and Computer Vision to Talk to Dogs

March 3, 2021
The TensorFlow Certification: get official recognition, but it’s hard! | by Keenan Moukarzel | Feb, 2021
Neural Networks

The TensorFlow Certification: get official recognition, but it’s hard! | by Keenan Moukarzel | Feb, 2021

March 3, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • 13 challenges creating an open, scalable, and secure serverless platform – IBM Developer March 4, 2021
  • Ursnif Trojan has targeted over 100 Italian banks March 4, 2021
  • Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection March 4, 2021
  • Streamlining data science with open source: Data version control and continuous machine learning March 4, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates