Service providers have fixed a serious flaw in their Cisco routers before the hackers produced any software to exploit it. Businesses may not be so lucky, unless they move smartly.
Internet service providers went into panic mode on Wednesday, updating their Cisco routers to patch a serious flaw which would have let hackers bring their networks down. Now, with the flaw in the public domain, it is only a matter of time before software is created that uses it, and the only victims will be businesses.
“ISPs have upgraded their core networking infrastructure,” said Gunter Ollmann, EMEA manager of the X-Force Security Assessment Services, at Internet Security Services (ISS). “In large enterprises, border routers and core routers will be running Cisco’s IOS software. These will be targeted. They should upgrade immediately.”
The problem comes at a time when security managers are already in crisis mode, thanks to a flaw uncovered by veteran Polish security group, the Last Stage of Delirium, which would allow hackers to take control of any Windows PC. “Given yesterday’s advisory on Microsoft systems, fixing both of these problems together is going to affect an awful lot of people,” said Ollmann.
The Cisco flaw affected the most common versions of Cisco’s IOS operating system, and the most common network packets, IP version 4. “A large proportion of the Internet backbone would have been affected, given the versions affected,” said Ollmann.
Cisco attempted to minimise the panic by informing the ISPs before it published the advisory. However, as every large ISP rushed to carry out “unscheduled maintenance” during Wednesday, it became obvious that something was up, and Cisco published its security advisory late on Wednesday.
“We have not observed any attacks as yet,” said Ollmann. “However, given the nature of this kind of vulnerability, you can rest assured that there are a lot of people working on exploits.” An attack would need a specially-crafted malicious series of packets, which will take time to produce. However, IOS source code is available on hacker sites, so it is only a matter of time before the exploits are produced, warned Ollmann.
Although routers using IP version 6 are not affected, this is not a reason to upgrade to the new version of IP, said Ollmann: “The vulnerability is in IOS, not a problem with the protocol.” There is no indication that other IPv4 attacks will happen, although the information in Cisco’s advisory has been purposely kept vague.