New Cisco IOS Zero-Day Delivers a Double Punch

Published: 23/11/2024   Category: security




The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.



A vulnerability affecting Cisco operating systems could enable attackers to take full control of affected devices, execute arbitrary code, and cause reloads that trigger denial of service (DoS) conditions. And at least one attempt at exploitation has already occurred in the wild.
On Sept. 27, Cisco released its latest semi-annual Security Advisory Bundled Publication. The publication detailed eight vulnerabilities affecting its IOS and IOS XE operating systems, among them CVE-2023-20109, an out-of-bounds write issue which earned a 6.6 Medium severity score. According to Cisco's security advisory, CVE-2023-20109 has already been the object of at least one attempted exploitation in the wild.
In a statement to Dark Reading, a Cisco spokesperson acknowledged the vulnerabilities. "Cisco has released software updates to address these vulnerabilities. Please refer to the specific security advisory for additional detail," the spokesperson wrote.
To Tim Silverline, vice president of security at Gluware, this vulnerability shouldn't be ignored, but it's also no reason to panic.
"Organizations should implement the mitigation strategies proposed by Cisco, but the danger here is not substantial. If the bad actor has full access to the target environment, then you are already compromised and this is just one way in which they could exploit those permissions to move laterally and escalate privileges," he says.
CVE-2023-20109 affects Cisco's VPN feature, Group Encrypted Transport VPN (GET VPN). GET VPN works within unicast or multicast environments by establishing a rotating set of encryption keys, shared within a group, where any group member can encrypt or decrypt data without need for a direct point-to-point connection.
Should an attacker have already infiltrated a private network environment of this sort, they could exploit it in one of two ways. They can either compromise the key server and alter packets sent to group members, or they can build and install their own key server and reconfigure group members to communicate with it instead of the true key server.
On the very same day of the semi-annual security publication, US and Japanese authorities issued a joint warning about a Chinese state APT rewriting Cisco firmware in attacks against large, multinational organizations.
"This is not indicative of any new trend," Silverline states, for those of us more inclined to coincidences or conspiracies. "Like any major vendor, Cisco will always have new vulnerabilities; it just so happens that we've had two events in as many days."
But this is a continuation of cybertrends seen over the last several years, Silverline adds. "Attacks are becoming more advanced, they are being capitalized on quickly," he says. Edge technologies, in particular, are an attacker's ideal starting point, exposing corporate networks to the broader Web, while sometimes lacking the robust security protections of their server counterparts.
Silverline suggests a number of ways organizations can address common issues. "As a best practice, network devices should never be sending outbound communications. Once this is discovered, network automation capabilities can ensure that configurations are verified and implemented across the network to prevent bad actors from executing the attack," he says. "Similarly, audit capabilities can alert network teams when any change or violation of policies takes place across your network devices so that they can quickly revert the device to the previous config."
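As an added illustration of the configuration audit Silverline describes (example code written for this page, not part of the Dark Reading article and not Cisco or Gluware code), the following compares a device's running configuration against an approved baseline and flags the change the article warns about: a GET VPN group member whose `server address` under `crypto gdoi group` now points at a different key server. Both configurations are constructed samples; the hostname, group name and addresses are made up.

```python
from typing import Dict, List, Tuple

# Constructed sample configs (not from the article). GOLDEN is the approved
# baseline; RUNNING is what an audit pulled from the device afterwards.
GOLDEN_CONFIG = """\
hostname branch-rtr-1
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server address ipv4 10.10.0.5
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

RUNNING_CONFIG = """\
hostname branch-rtr-1
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server address ipv4 198.51.100.77
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
"""

def parse_blocks(config: str) -> Dict[str, List[str]]:
    """Split an IOS-style config into top-level lines and their indented children."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" "):          # indented line belongs to the current section
            if current is not None:
                blocks[current].append(raw.strip())
        else:                             # new top-level section
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks

def config_drift(golden: str, running: str) -> List[Tuple[str, str]]:
    """Return (section, change) pairs where the running config differs from golden."""
    g, r = parse_blocks(golden), parse_blocks(running)
    findings: List[Tuple[str, str]] = []
    for section in sorted(set(g) | set(r)):
        g_lines, r_lines = set(g.get(section, [])), set(r.get(section, []))
        findings += [(section, "added: " + l) for l in sorted(r_lines - g_lines)]
        findings += [(section, "removed: " + l) for l in sorted(g_lines - r_lines)]
    return findings

def key_server_changed(findings: List[Tuple[str, str]]) -> bool:
    """True if any GET VPN group now registers with a different key server."""
    return any(s.startswith("crypto gdoi group") and "server address" in c
               for s, c in findings)
```

A drift report of this kind is what lets a network team decide to revert to the last known-good config rather than trust whatever the device currently holds.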
