Monday, August 3, 2020

Cisco fixes vulnerabilities in its Cisco Discovery Protocol (CDP) that could let remote attackers take over products without any user interaction

Cisco patches a security glitch affecting routers, switches and phones

By Network World

Cisco has issued fixes for five security glitches that can be found in a wealth of its networked enterprise products – from switches and routers to web cameras and desktop VoIP phones.  

The problems center around vulnerabilities in the implementation of the Cisco Discovery Protocol (CDP) that could let remote attackers take over the products without any user interaction. While no public exploit has been found, an attacker simply needs to send a maliciously crafted CDP packet to a target device located inside the network to take advantage of the weakness, Cisco stated.

Cisco’s CDP is a Layer 2 protocol that runs on Cisco devices and enables networking applications to learn about directly connected devices nearby, according to Cisco. The company says it enables management of Cisco devices by discovering networked devices, determining how they are configured, and letting systems using different network-layer protocols learn about each other.

The five vulnerabilities, revealed by Armis Security and dubbed CDPwn, are significant because Layer 2 protocols are the underpinning for all networks, Armis wrote in a blog about the problems.

“As an attack surface, Layer 2 protocols are an under-researched area and yet are the foundation for the practice of network segmentation. Network segmentation is utilized as a means to improve network performance and also to provide security. Unfortunately, as this research highlights, the network infrastructure itself is at risk and exploitable by any attacker, so network segmentation is no longer a guaranteed security strategy,” Armis wrote.

Cisco rated the CDP security threats as “High.” The specific warnings include:

Armis said it discovered the bugs in August last year and worked with Cisco to develop patches, which Cisco says are available for free.

This story, “Cisco patches a security glitch affecting routers, switches and phones,” was originally published by Network World.

Michael Cooney is a Senior Editor with Network World who has written about the IT world for more than 25 years. He can be reached at michael_cooney@idg.com.

Copyright © 2020 IDG Communications, Inc.

This Article was first published on itnews.com
