Cisco bug leaves networks wide open

Cisco has admitted that a vulnerability with versions of its Lan switching software permits unauthorised configuration changes on a Catalyst switch.

The networking giant's Catalyst software permits unauthorised access to the enable mode in the 5.4(1) release. Once initial access is granted, access can be obtained for the higher level functions without a password. The vulnerability can be exploited remotely using remote access protocol Telnet.

An emergency security notice, which the company emailed to customers last night, said: "Anyone who can obtain ordinary console access to an affected switch can bypass password authentication to obtain 'enable' mode access without knowledge of the 'enable' password."

Cisco is urging customers to upgrade to later versions of its software as soon as possible after several customers reported the issue. However, as yet, there have been no reports of hackers exploiting the potentially devastating vulnerability.

The problem, for which Cisco admits there is no known workarounds, affects users across the entire range of Cisco's Lan switches, including the Catalyst 4000, 5000, 5500, 6000 and 6500.

Neil Barrett, technical director of security consultancy Information Risk Management, said that uncorrected, the vulnerability could leave networks wide open.

"Leaving aside the obvious possibility of mounting denial of service attacks, it would be possible for people to use this to bypass monitoring stations. It would also be possible to introduce sniffing tools which is normally difficult to do in switched environments," he said.

He said the vulnerability places organisations at particular risk from malicious insiders, and added that this class of risk is vital to test for when firms conduct penetration testing.