Thursday, September 08, 2005

New Critical Cisco IOS Flaw

It is a mere 6 weeks after the Ciscogate incident and another serious IOS flaw has surfaced. Those who thought that Ciscogate was a once-off incident are going to have to rethink their position, and I am certain that the publication of further flaws and vulnerabilities in Cisco's IOS is something we are going to have to get used to in the future.

What makes this news interesting is that, for the first time, an IOS flaw has been flagged as posing a serious cyberattack risk to computer networks and the 'Net, and it has prompted security vendor Symantec to raise its ThreatCon global threat index to Level 2, which means an attack is expected. This is a turnaround from the Ciscogate vulnerability, where the threat was pooh-poohed. So, wisely, Cisco are playing it safe this time around. FrSIRT has given the vulnerability a critical rating. Given the recent attention to exploits in Cisco's IOS and vows by the hacking community following the BlackHat controversy, it is probable that this issue will see attempts at exploit development in the near term, according to analysts.

Devices that do not support, or are not configured for, Firewall Authentication Proxy for FTP and/or Telnet Services are not affected. Devices configured with only Authentication Proxy for HTTP and/or HTTPS are also not affected. Only devices running certain recent versions of Cisco IOS are affected. On the surface of it, one would assume that not many customers are running these features or have the IOS versions that are affected, so it makes one wonder why Cisco and Symantec view this so seriously.
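Whether a given router meets the configuration condition above can be checked from its saved running-config. The following Python sketch is an added example, not code from this post or from Cisco; it assumes the IOS syntax `ip auth-proxy name <rule> <protocol>` for defining a rule and `ip auth-proxy <rule>` under an interface for applying it, runs on a constructed sample config, and does not check IOS versions because the post does not list them.

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip auth-proxy name WEBAUTH http
ip auth-proxy name ADMINS telnet
ip auth-proxy name UNUSED ftp
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip auth-proxy ADMINS
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip auth-proxy WEBAUTH
!
"""

# Per the post, only FTP/Telnet auth proxy matters; HTTP/HTTPS-only is not affected.
RISKY = {"ftp", "telnet"}
RULE = re.compile(r"ip auth-proxy name (\S+) (\S+)", re.I)   # assumed rule syntax
APPLY = re.compile(r"ip auth-proxy (\S+)$", re.I)            # assumed interface syntax

def audit_auth_proxy(config):
    """Return (exposed, unapplied): interfaces with an FTP/Telnet rule applied,
    and FTP/Telnet rules that are defined but not applied anywhere."""
    rules, applied, iface = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # a top-level command closes any interface block
            is_if = line.lower().startswith("interface ")
            iface = line.split(None, 1)[1] if is_if else None
        m = RULE.match(line)
        if m and iface is None:
            rules.setdefault(m.group(1), set()).add(m.group(2).lower())
            continue
        m = APPLY.match(line)
        if m and iface is not None:
            applied.append((iface, m.group(1)))
    exposed = [(i, n, sorted(rules[n] & RISKY))
               for i, n in applied if rules.get(n, set()) & RISKY]
    used = {n for _, n in applied}
    unapplied = sorted(n for n, p in rules.items() if p & RISKY and n not in used)
    return exposed, unapplied

if __name__ == "__main__":
    print(audit_auth_proxy(SAMPLE_CONFIG))
```

An interface listed in the first result still needs its IOS version compared against the vendor advisory before the device is treated as affected.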

Even though my company and I personally have advised hundreds of customers to look at securing IOS infrastructure holistically, as they would their Microsoft operating systems and desktops, it has been amazing how this consistently lands up at the bottom of the priority pile, and the impressions of supposed imperviousness of IOS persist. I give it another 6 months and this issue will be at the top of the pile...

We have discussed at length what is required to be done and noted that it is a non-trivial task and planning needs to be initiated now rather than when it is too late, in the following posts:
Ciscogate : Advice for customers
Ciscogate: The Lynn interview
Cisco IOS flaw saga continues
Pulled presentation spreads like wildfire
Cisco, ISS PR disaster
Cisco, ISS file for injunction at BlackHat
Cisco coverup ignites BlackHat controversy

...and two amazing predictions on this blog, made before these events, that were spot on the money...
13 July Hackers to target Cisco next?
13 May Best you start thinking about patching your IOS now