Critical Cisco vulnerabilities put millions of network devices at risk

News
By last updated

Bugs discovered in Cisco’s Discovery Protocol

(Image credit: Pixabay)

Five different critical vulnerabilities, collectively known as CPDwn, have been discovered in Cisco’s Discovery Protocol, potentially putting tens of millions of enterprise network devices such as desk phones, cameras, and network switches, at risk.

Cisco Discovery Protocol (CDP) is a level 2 protocol that is used to discover information about Cisco equipment that are directly connected nearby.

According to researchers, this flaw could allow hackers to control the products deep within the network without any human intervention. This could be done remotely by just sending a malicious CDP packet to the target device.

Flaws identified

Research firm Armis that identified the flaw stated that attackers can cause widespread issues by targeting a network switch that allows the flow of a large amount of un-encrypted internal corporate data. The webcams or desk phones can be shut down remotely or can be used as tools to spy within the organization.

“Network segmentation is a key way to secure IoT devices,” says Ben Seri, vice president of research at Armis. “But sometimes we can poke holes. And we know that enterprise devices are being targeted in the world. If they have this type of vulnerability, unfortunately, that can be very powerful for a group like an APT.”

Though Armis had disclosed these findings to Cisco in the month of August last year, the networking company is only just releasing patches to fix all these five vulnerabilities now. The company announced, "On February 5, we disclosed vulnerabilities in the Cisco Discovery Protocol implementation of several Cisco products along with software fix information and mitigation, where available." Cisco has also confirmed that there has been no report of any malicious use of this vulnerability.

According to Ang Cui, founder of Red Balloon an IoT security firm, Hackers still need to penetrate the network first. Though once done, vulnerabilities present in each network device can be the exploited impacting almost any Cisco device connected to the network.

Via Wired

Jitendra Soni
Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.  

Read more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Cisco patches critical security issues, so update now
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
AI business data center
"It is literally driving our product development direction" - how Cisco is redefining networking security to better protect against cyberattacks and human error
A VPN runs on a mobile phone placed on a laptop keyboard
Major new online tunneling vulnerability could put millions of devices at risk
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
More about security
Money

Financial leaders still rely on regular tools like Excel for automation tasks over AI
Half man, half AI.

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
Poco F6 Pro in white from the back showing its Camera array and branding

For a mid-range handset, the Poco F6 Pro is premium in more ways than one, but I found it hard to ignore some of its key pitfalls
See more latest
Most Popular
BraX3
This obscure brand wants to launch the most privacy-friendly smartphone ever without Google, but with a mysterious open-source OS at its core
HAMR
Seagate reportedly sold two billion GBs worth of storage to two of the world's largest tech companies
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
Oracle
Bluehost owner is moving to Oracle Cloud, so could thousands of websites be about to migrate?
Money
Financial leaders still rely on regular tools like Excel for automation tasks over AI
Two examples of the Asus Fragrance Mouse MD101 sitting on a table
Your next computer mouse could have a fragrance compartment for aromatherapy oils – and this Asus idea is nothing to sniff at
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models