Cisco has uncovered nine security flaws in its network switches, which could enable criminals to run arbitrary code and access corporate networks. Updates to the software have been released by the company.
Four of the nine vulnerabilities have been given a CVSS score of 9.8, identifying them as critical problems.
Cisco reveals nine vulnerabilities
Cisco has released an advisory detailing nine vulnerabilities and their respective updates. The flaws impact its Small Business series of network switches, which are used to help different pieces of hardware communicate with each other.
The vulnerabilities are caused by improper validation of requests that are sent to the switch’s web interface, explains the advisory.
The quartet of critical vulnerabilities are particularly problematic, as a successful attacker could allow the hacker to execute arbitrary code with root privileges on an affected device. They could allow an attacker to download sensitive files, steal data or reconfigure the system in order to open up access.
All of the exploits if abused could put the affected device into a denial-of-service condition, rendering it inaccessible or unusable. This means a cybercriminal could use one of the vulnerabilities to hack into a switch and use it as a drone in a distributed denial-of-service attack (DDoS) attack. DDoS attacks have enjoyed a surge in popularity over recent months, being commonly used by hacktivists in the Russia-Ukraine war.
Unpatched networking gear exploited by hackers
The vulnerabilities are not dependent on one another either, which makes them easier to take advantage of. “Exploitation of one of the vulnerabilities is not required to exploit another vulnerability,” the advisory says. “In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.”
The list of vulnerabilities and their requisite updates can be found here.
Cisco networking gear is widely deployed across corporate network, meaning vulnerabilities can be highly damaging. In April, the UK’s National Cyber Security Centre (NCSC) released a warning that APT28, a well known Russian government sponsored cybercrime gang also known as Fancy Bear, was deploying malware onto poorly maintained, unpatched Cisco routers, exploiting a flaw first discovered in 2017.
“APT28 has been known to access vulnerable routers by using default and weak SNMP community strings,” the NCSC said.
Read more: US puts $10m bounty on key member of Russian ransomware ecosystem linked to LockBit
