A CISCO switch vulnerability allows them to be hacked remotely

The Embedi security researchers have been charged with uncovering a critical flaw in the Cisco IOS software and Cisco IOS XE. Because of these vulnerabilities, an attacker, without the need for identification and remotely could execute code and take control of the network and intercept the traffic. Something serious that could affect companies.

Vulnerability in Cisco switches allows them to be hacked remotely

The vulnerability is caused by incorrect validation of packet data in the Smart Install Client, a configuration that helps administrators deploy network switches more easily.


Embedi has released the technical details after Cisco itself has released a security patch to protect users from this vulnerability. This is a vulnerability that has categorized as critical. In fact, researchers have found that about 8.5 million devices have this vulnerability. A problem of considerable magnitude, therefore.

Even a video has been posted with the way in which an attack is demonstrated. So it is possible to see how the attackers might perpetrate such an attack. You have the video on the top. Also, we have the complete list of Cisco switches affected:

 

  • Catalyst 4500 Supervisor Engines
  • Catalyst 3850 Series
  • Catalyst 3750 Series
  • Catalyst 3650 Series
  • Catalyst 3560 Series
  • Catalyst 2960 Series
  • Catalyst 2975 Series
  • IE 2000
  • IE 3000
  • IE 3010
  • IE 4000
  • IE 4010
  • IE 5000
  • SM-ES2 SKUs
  • SM-ES3 SKUs
  • NME-16ES-1G-P
  • SM-X-ES3 SKUs

Cisco has already released a security patch, which has been available since the end of last week. So users can now protect their devices against this failure if they upgrade now. And thus avoid any problems.