[SAFE-ID: JIWO-2024-2555] Author: ecawen Posted: [2020-02-06] Edited by user ecawen on [2020-02-07]
Several Cisco-manufactured network devices have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them and, subsequently, over the enterprise networks they power.
Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones.
Collectively dubbed 'CDPwn,' the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol (CDP) that comes enabled by default on virtually all Cisco devices and cannot be turned OFF.
Cisco Discovery Protocol (CDP) is an administrative protocol that works at Layer 2 of the Internet Protocol (IP) stack. The protocol has been designed to let devices discover information about other locally attached Cisco equipment in the same network.
According to a report Armis research team shared with The Hacker News, the underlying CDP implementations contain buffer overflow and format string vulnerabilities that could let remote attackers on the same network execute arbitrary code on the vulnerable devices by sending malicious unauthenticated CDP packets.
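A bounds-checked TLV walk of the kind a CDP receiver needs, given as an added example that is not code from Cisco, Armis, or the original article. It assumes the commonly documented CDP payload layout (a 4-byte header, then type/length/value records whose length field includes its own 4-byte header), skips checksum verification, and uses hypothetical names such as `cdp_validate` and `cdp_log_line`; the sample payloads are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { CDP_OK = 0, CDP_TRUNCATED = -1, CDP_BAD_TLV_LEN = -2, CDP_TLV_OVERRUN = -3 };
#define CDP_TLV_DEVICE_ID 0x0001
/* Constructed samples: version 2, TTL 180, checksum zeroed (not verified here). */
static const uint8_t SAMPLE_OK[]      = {2, 180, 0, 0, 0, 1, 0, 7, 's', 'w', '1'};
static const uint8_t SAMPLE_OVERRUN[] = {2, 180, 0, 0, 0, 1, 1, 0, 'A', 'A'};
static const uint8_t SAMPLE_SHORT[]   = {2, 180, 0, 0, 0, 1, 0, 2};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the TLVs after the 4-byte header (assumed layout: type(2) length(2) value,
 * length counts its own header). Device-ID is copied, truncated, NUL-terminated. */
int cdp_validate(const uint8_t *buf, size_t len, char *dev_id, size_t dev_id_sz)
{
    if (dev_id_sz) dev_id[0] = '\0';
    if (len < 4) return CDP_TRUNCATED;
    for (size_t off = 4; off < len; ) {
        if (len - off < 4) return CDP_TRUNCATED;           /* no room for a TLV header */
        uint16_t type = be16(buf + off), tlv_len = be16(buf + off + 2);
        if (tlv_len < 4) return CDP_BAD_TLV_LEN;           /* would underflow tlv_len - 4 */
        if (tlv_len > len - off) return CDP_TLV_OVERRUN;   /* claims more than was received */
        if (type == CDP_TLV_DEVICE_ID && dev_id_sz) {
            size_t n = (size_t)tlv_len - 4;
            if (n > dev_id_sz - 1) n = dev_id_sz - 1;      /* clamp to the destination */
            memcpy(dev_id, buf + off + 4, n);
            dev_id[n] = '\0';
        }
        off += tlv_len;
    }
    return CDP_OK;
}

/* Neighbor-supplied text is passed as a %s argument, never as the format string. */
int cdp_log_line(char *out, size_t out_sz, const char *dev_id)
{
    return snprintf(out, out_sz, "cdp neighbor: %s", dev_id);
}

int main(void)
{
    char id[16], line[64];
    int rc = cdp_validate(SAMPLE_OK, sizeof SAMPLE_OK, id, sizeof id);
    cdp_log_line(line, sizeof line, id);
    printf("rc=%d %s\n", rc, line);
    return 0;
}
```

Frames that return `CDP_BAD_TLV_LEN` or `CDP_TLV_OVERRUN` are worth logging with the ingress port, since a well-formed neighbor never sends them.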
Note that since CDP is a Data Link layer (Layer 2) protocol that can't cross the boundaries of a local area network, an attacker first needs to be on the same network to leverage CDPwn vulnerabilities.
However, after gaining an initial foothold in a targeted network using separate vulnerabilities, attackers can exploit CDPwn against network switches to break network segmentation and move laterally across the corporate networks to other sensitive systems and data.
"Gaining control over the switch is useful in other ways. For example, the switch is in a prime position to eavesdrop on network traffic that traverses through the switch, and it can even be used to launch man-in-the-middle attacks on the traffic of devices that traverses through the switch," the researchers said.
"An attacker can look to move laterally across segments and gain access to valuable devices like IP phones or cameras. Unlike switches, these devices hold sensitive data directly, and the reason to take them over can be a goal of an attacker, and not merely a way to break out of segmentation."
Additionally, CDPwn flaws also allow attackers to:
Besides releasing a detailed technical report on the issues, the Armis research team has also shared videos explaining and demonstrating the flaws, as embedded above.
After closely working with Armis researchers over the last few months to develop security patches, Cisco today released software updates for all of its affected products.
Though Cisco has also provided some mitigation information, administrators of affected devices are still strongly advised to install the latest software updates to completely protect their valuable networks against malware and emerging online threats.