Hackers target unpatched flaw in Cisco software

Illustration: Sarah Grillo/Axios
Cisco warned Monday that hackers are actively exploiting a previously unknown security flaw in software found on a range of routers and similar network products.
Why it matters: If exploited, the security flaw could allow hackers to create an account on an affected system and gain high-level permissions, according to a recent advisory.
- Cisco does not have a workaround or a patch available to fix the problem yet.
The big picture: The zero day found in Cisco's software is just the latest in a long string of attacks involving hackers targeting critical, yet unknown security flaws in popular products.
Details: Hackers are targeting a flaw in the web user interface feature on Cisco IOS XE software, which is found in routers, network switches and wireless controllers.
- Once a hacker successfully exploits this flaw, they then can create a local user account and deploy an implant that allows them to execute malicious commands, according to researchers at Cisco Talos.
- Once inside the network, hackers are also able to exploit another vulnerability that Cisco patched two years ago.
- Cisco believes the hackers started targeting this flaw on Sept. 18, but the company was not aware of the malicious activity until Sept. 28.
Yes, but: It remains unclear how many organizations have been targeted in this scheme, how widespread the impact of the attacks will be, and who is behind the breaches.
Be smart: While the company works on a patch, Cisco is urging customers to disable the HTTP server feature on all internet-facing systems.
- Cisco says this guidance is consistent with best practices that the U.S. government has recommended in similar cases.
