The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Cisco Router

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
February 05, 2020Swati Khandelwal
Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones. Collectively dubbed ' CDPwn ,' the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol (CDP) that comes enabled by default on virtually all Cisco devices and can not be turned OFF. Cisco Discovery Protocol (CDP) is an administrative protocol that works at Layer 2 of the Internet Protocol (IP) stack. The protocol has been designed to let devices discover information about other locally attached Cisco equipment in the same network. According to a report Armis research team shared with The Hacker N

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor
May 14, 2019Mohit Kumar
Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects multiple Cisco products that support Trust Anchor module (TAm). Trust Anchor module (TAm) is a hardware-based Secure Boot functionality implemented in almost all of Cisco enterprise devices since 2013 that ensures the firmware running on hardware platforms is authentic and unmodified. However, researchers found a series of hardware design flaws that could allow an authenticated attacker to make the persistent modification to the Trust Anchor module via FPGA bitstream modification and load the malicious bootloader. "An attacker with root privileges on the device can modify the contents of

New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide

New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide
January 28, 2019Mohit Kumar
If the connectivity and security of your organization rely on Cisco RV320 or RV325 Dual Gigabit WAN VPN routers, then you need to immediately install the latest firmware update released by the vendor last week. Cyber attackers have actively been exploiting two newly patched high-severity router vulnerabilities in the wild after a security researcher released their proof-of-concept exploit code on the Internet last weekend. The vulnerabilities in question are a command injection flaw (assigned CVE-2019-1652) and an information disclosure flaw (assigned CVE-2019-1653), a combination of which could allow a remote attacker to take full control of an affected Cisco router. The first issue exists in RV320 and RV325 dual gigabit WAN VPN routers running firmware versions 1.4.2.15 through 1.4.2.19, and the second affects firmware versions 1.4.2.15 and 1.4.2.17, according to the Cisco's advisory . Both the vulnerabilities, discovered and responsibly reported to the company by German s

Cisco Finally Patches 0-Day Exploit Disclosed In Wikileaks-CIA Leak

Cisco Finally Patches 0-Day Exploit Disclosed In Wikileaks-CIA Leak
May 10, 2017Mohit Kumar
Cisco Systems has finally released an update for its IOS and IOS XE software to address a critical vulnerability, disclosed nearly two months back in the CIA Vault 7 leak , that affects more than 300 of its switch models. The company identified the vulnerability in its product while analyzing "Vault 7" dump — thousands of documents and files leaked by Wikileaks, claiming to detail hacking tools and tactics of the U.S. Central Intelligence Agency (CIA). As previously reported , the vulnerability (CVE-2017-3881) resides in the Cluster Management Protocol (CMP) — which uses Telnet or SSH to deliver signals and commands on internal networks — in Cisco IOS and Cisco IOS XE Software. The vulnerability can be exploited remotely by sending "malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections," researchers say. The company warned users on April 10 that an exploit targeting

​SYNful Knock: Backdoor Malware Found in Cisco Routers

​SYNful Knock: Backdoor Malware Found in Cisco Routers
September 17, 2015Khyati Jain
Mandiant , a FireEye sister concern has been involved in researches related to cyber defense. In their recent findings, a backdoor malware named SYNful Knock identified as the one compromising the principles of Cisco routers with features such as... ...Having an everlasting effect, i.e. Serious Persistence. What?- The malicious program is implanted in the router illicitly through the device's firmware (regardless of the vendor). The goal is achieved by modifying the router's firmware image, which exists even after the device gets a reboot. How?- installing SYNful Knock in Cisco 1841 router, Cisco 2811 router, and Cisco 3825 router. Affected areas- 14 instances in 4 countries including India, Mexico, Ukraine, and the Philippines. Impact- the backdoor is backed up with such abilities that can compromise the availability of other hosts and access to sensitive data in an organization. " The theoretical nature of router-focused attacks created a minds

Cisco to Buy OpenDNS Company for $635 Million

Cisco to Buy OpenDNS Company for $635 Million
July 01, 2015Mohit Kumar
Cisco, a networking giant that offers traditional network edge protection, has announced that the company is buying cloud-based security company OpenDNS for $635 Million . Yes, OpenDNS , whose Domain Name Services (DNS) you might have used to avoid regional restrictions or to improve your Internet connection. However, Cisco is not making the acquisition of OpenDNS for any of the above reasons. Instead, the networking giant says it will boost its own cloud security, adding "broad visibility and threat intelligence from the OpenDNS cloud-delivered platform." The aim is to offer you the protection against cyber attacks on your corporate network from any device, anywhere, anytime, and to predict threats before they strike. Hilton Romanski , who leads business development at Cisco, wrote in his blog post : "The acquisition will extend our ability to provide customers enhanced visibility and threat protection for unmonitored and potentially unsecure entry

New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers

New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers
November 05, 2014Swati Khandelwal
Security researchers at Kaspersky Lab have unearthed new capabilities in the BlackEnergy Crimeware weapon that has now ability to hacking  routers , Linux systems and Windows, targeting industry through Cisco network devices. The antivirus vendor's Global Research & Analysis Team released a report Monday detailing some of the new " relatively unknown " custom plug-in capabilities that the cyber espionage group has developed for BlackEnergy to attack Cisco networking devices and target ARM and MIPS platforms. The malware was upgraded with custom plugins including Ciscoapi.tcl which targets The Borg's kit, and According to researchers, the upgraded version contained various wrappers over Cisco EXEC-commands and " a punchy message for Kaspersky , " which reads, " F*uck U, Kaspersky!!! U never get a fresh B1ack En3rgy. So, thanks C1sco 1td for built-in backd00rs & 0-days. " BlackEnergy malware program was originally created and used by cy
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.