Cisco has warned everyone about a critical security flaw in its IOS and IOS XE software. Cyber criminals are already aware of it and are using it in attacks. Scary, right? When I heard this, I thought, "Wow, there might already be so many routers and switches at risk!"
So, what is the problem?
The security flaw allows cyber criminals to gain unauthorized remote access to Cisco devices. Once in, hackers can execute commands as if they owned the device. To put it plainly: they can take control of your device and potentially your entire network.
Have you ever thought about how much data traverses your router every second? Now, imagine a hacker hijacking all that data. Not good.
What devices are affected?
Cisco has not provided all of the details yet (to prevent misuse by hackers), but here is what we know:
- Devices running Cisco IOS or IOS XE are at risk.
- The attack is remote, and hackers do not have to physically interact with the affected device.
- Hackers can run arbitrary commands, which could be very damaging.
How to safeguard your devices
Cisco's recommendations include:
- Complete an analysis of your logs and traffic.
- Disable unnecessary services to minimize risk.
- Use access control lists (ACLs) to restrict access to trusted users only.
I’ve received these mobile alerts late at night, and let me tell you, you don’t want those alerts. Starting these steps now will help you avoid issues in the future.
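To act on the "disable unnecessary services" and "use ACLs" recommendations, here is an added example (not Cisco's code and not part of the original post) that audits a saved running-config for management services left open. The sample config is constructed, and the choice to check the HTTP(S) server and the vty lines is an assumption, since the post does not say which service the flaw affects.

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip http server
ip http secure-server
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level parent line."""
    blocks = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(line)
        else:
            blocks.append((line, []))
    return blocks

def audit(config):
    """Return (location, issue) pairs for exposed management services."""
    blocks = parse_blocks(config)
    top = [parent for parent, _ in blocks]
    findings = []
    # Web management: flag when enabled and no ACL is bound to it.
    http_acl = any(re.match(r"ip http access-class \S", t) for t in top)
    for svc in ("ip http server", "ip http secure-server"):
        if svc in top and not http_acl:
            findings.append((svc, "enabled without ip http access-class"))
    # Remote CLI: every vty range needs an inbound ACL and no Telnet.
    for parent, subs in blocks:
        if not parent.startswith("line vty"):
            continue
        if not any(re.match(r"access-class \S+ in\b", s) for s in subs):
            findings.append((parent, "no inbound access-class"))
        for s in subs:
            if s.startswith("transport input") and {"telnet", "all"} & set(s.split()[2:]):
                findings.append((parent, "telnet permitted"))
    return findings

if __name__ == "__main__":
    for location, issue in audit(SAMPLE_CONFIG):
        print(f"{location}: {issue}")
```

Run it against the output of "show running-config" saved to a file; an empty result means none of these particular checks fired, not that the device is unaffected.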
Why this is important
You might be thinking, “Are zero-day events actually common?” Yes, but the reason this is a substantial zero-day event is that Cisco equipment is the backbone of the internet. Although this event could hurt a certain company, the reality is that this type of compromise could hurt thousands of devices.
Think about the alternative: what if your Wi-Fi router goes down at your house? You say, “That’s annoying.” But when thousands of businesses go offline? That’s an entirely different and catastrophic outcome.