A corporate security firm called Armis has first found this vulnerability on August 29th last year! And after communicating to Cisco directly, they both have solved the issue and released the patches for it now. The maker now urges everyone to update their firmware to avoid any potential exploitations in future. The flaw was found in Cisco’s Delivery Protocol (CDP), which is a discovering feature that detects any other Cisco product in the local network. This protocol is virtually implemented in almost all the Cisco products ranging from switches to IP phones and routers to cameras. Parsing the CDP packets is where the actual flaw lies in. While there are no exploitations recorded yet, this vulnerability can potentially lead anyone having a fine print in any of the devices in the network to compromise the whole network with ease. An attacker should already be having his presence in any of the devices in the network to make further exploitations, as researchers said. And considering hundreds of devices on a single network, it’s easy to find at least one outdated device, that could lead him in.
The Five Vulnerabilities
Out of five flaws detected in CDP, four of them are of remote code executioners, one is of DDoS attacking.
The first RCE is a format string flaw in parsing of incoming CDP packets, which is associated with Cisco’s Internetworking Operating System (IOS XR). Attacker here can cause a stack overflow by setting specific string characters excessively. The second was too a stack overflowing thing with affecting Cisco’s NX-OS, which is the Ethernet switches and MDS Fiber channel storage area network switches. Here, the attacker can alter the power levels of switches to cause a stack overflow and gain access. The third RCE flaw is associated with IP cameras, where Cisco’s Video Surveillance 8000 series IP cameras are vulnerable. This is same as overflowing the stack with sending more CDP packets to Port ID field. And the final RCE is associated with Cisco’s IP phones, where pasting the CDP packets to overflow the Port ID is done to gain access. Apart from these, another flaw that’s capable of performing DDoS attack and may crash the system at once, is affected by Cisco’s FXOS, IOS XR and NX-OS software. Sending large memory block and leading the router to crash and reboot is the aim.
All these lead to one solid reason of “network insecurity”. If an attacker, somehow compromised one vulnerable device and gained access into the network, can access the sensitive audio and video data through IP phones or video cameras from the network. As Cisco has already released patches for these, it’s strongly advised to update as soon as possible to avoid being attacked.