- Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking
Cisco switches are the networking device which are used to connects devices together on a computer network by using packet switching to receive, process, and forward data to the destination device . According to the latest report the Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic. The stack-based buffer overflow vulnerability (CVE-2018-0171) resides due to improper validation of packet data in Smart Install Client, a plug-and-play configuration and image-management feature that helps administrators to deploy (client) network switches easily. According to the researcher the device found a total of 8.5 million with the vulnerable port open on the Internet, leaving approximately 250,000 unpatched devices open to hackers.
Affected Hardware and Software: The affected devices are
Catalyst 4500 Supervisor Engines
Catalyst 3850 Series
Catalyst 3750 Series
Catalyst 3650 Series
Catalyst 3560 Series
Catalyst 2960 Series
Catalyst 2975 Series
Cyber Security Tips: Users and administrators are strongly recommended that install free software updates to address the issue as soon as possible.