[Wired] Cisco Flaws Put Millions of Workplace Devices at Risk
These particular vulnerabilities, found by the enterprise security firm Armis, can also break out of the "segmentation" that IT managers use to silo different parts of a network, like a guest Wi-Fi, to cause widespread issues. Attackers could target a vulnerable Cisco network switch—which moves data around an internal network—to intercept large amounts of unencrypted, internal information and move between different parts of a target's system. Attackers could use related flaws, also disclosed by Armis, to attack batches of Cisco devices at once—like all the desk phones or all the webcams—to shut them down or turn them into eyes and ears inside a target organization.
“Network segmentation is a key way to secure IoT devices,” says Ben Seri, vice president of research at Armis. “But sometimes we can poke holes. And we know that enterprise devices are being targeted in the world. If they have this type of vulnerability, unfortunately that can be very powerful for a group like an APT.”
The flaws lie in the implementation of a mechanism known as the Cisco Discovery Protocol, which allows Cisco products to broadcast their identities to each other within a private network. CDP is part of a network's "Layer 2," which establishes the foundational data link between network devices. All devices use some sort of identity broadcasting mechanism, but CDP is Cisco’s proprietary version.
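To make the protocol concrete, here is an added example (not code from the article, Wired, or Armis): a minimal Python parser for the CDP payload that follows the SNAP header, i.e. version, TTL, checksum and then type/length/value records whose length field counts its own 4-byte header. It runs over a constructed sample frame (the device name, port and platform strings are made up) and rejects any TLV whose declared length is inconsistent with the frame, which is the check a Layer 2 listener needs before trusting unauthenticated broadcast data.

```python
import struct

# Well-known CDP TLV types (public protocol layout).
TLV_NAMES = {0x0001: "Device ID", 0x0002: "Addresses", 0x0003: "Port ID",
             0x0004: "Capabilities", 0x0005: "Software Version",
             0x0006: "Platform"}

def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one CDP TLV; the length field includes the 4-byte TLV header."""
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value

# Constructed sample payload (not a capture): version 2, TTL 180 s, checksum
# left zero, followed by Device ID, Port ID and Platform TLVs.
SAMPLE_CDP = (bytes([2, 180]) + b"\x00\x00"
              + build_tlv(0x0001, b"lab-switch-1")
              + build_tlv(0x0003, b"GigabitEthernet1/0/1")
              + build_tlv(0x0006, b"cisco EXAMPLE-SWITCH"))

# Constructed malformed payload: one TLV claims 200 bytes but only 3 follow.
MALFORMED_CDP = SAMPLE_CDP[:4] + bytes.fromhex("000100c8") + b"abc"

def parse_cdp(payload: bytes) -> dict:
    """Parse header and TLVs; raise ValueError on any length inconsistency."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    fields = {"version": payload[0], "ttl": payload[1], "tlvs": {}}
    offset = 4
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError(f"truncated TLV header at offset {offset}")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        # A TLV can never be shorter than its header or run past the frame.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise ValueError(f"bad TLV length {tlv_len} at offset {offset}")
        name = TLV_NAMES.get(tlv_type, f"type 0x{tlv_type:04x}")
        fields["tlvs"][name] = payload[offset + 4:offset + tlv_len]
        offset += tlv_len
    return fields

def is_well_formed(payload: bytes) -> bool:
    """True if every TLV length fits the frame, False otherwise."""
    try:
        parse_cdp(payload)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for name, value in parse_cdp(SAMPLE_CDP)["tlvs"].items():
        print(f"{name}: {value!r}")
    print("malformed frame accepted:", is_well_formed(MALFORMED_CDP))
```

The same parser doubles as a passive inventory tool: the Device ID, Port ID and Platform values it extracts are exactly the identity details CDP advertises to anyone on the segment, which is why the article treats the protocol's reach across segments as the risk.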
It's also not surprising because it's CDP. A security vulnerability in an auto discovery protocol. Shocker. Admittedly, I'm no expert on CDP or Cisco. I've dabbled with old equipment and had limited exposure to CDP though. For whatever reason, the first thing I felt creeping into the back of my mind with it was security vulnerability. If memory serves, it's a great way to collect info on other devices from a given device. Assuming it's enabled anyway.