Cisco has admitted that a vulnerability with versions of its Lan switching software permits unauthorised configuration changes on a Catalyst switch.
The networking giant's Catalyst software permits unauthorised access to the enable mode in the 5.4(1) release. Once initial access is granted, access can be obtained for the higher level functions without a password. The vulnerability can be exploited remotely using remote access protocol Telnet.
An emergency security notice, which the company emailed to customers last night, said: "Anyone who can obtain ordinary console access to an affected switch can bypass password authentication to obtain 'enable' mode access without knowledge of the 'enable' password."
Cisco is urging customers to upgrade to later versions of its software as soon as possible after several customers reported the issue. However, as yet, there have been no reports of hackers exploiting the potentially devastating vulnerability.
The problem, for which Cisco admits there is no known workarounds, affects users across the entire range of Cisco's Lan switches, including the Catalyst 4000, 5000, 5500, 6000 and 6500.
Neil Barrett, technical director of security consultancy Information Risk Management, said that uncorrected, the vulnerability could leave networks wide open.
"Leaving aside the obvious possibility of mounting denial of service attacks, it would be possible for people to use this to bypass monitoring stations. It would also be possible to introduce sniffing tools which is normally difficult to do in switched environments," he said.
He said the vulnerability places organisations at particular risk from malicious insiders, and added that this class of risk is vital to test for when firms conduct penetration testing.
US space agency believes the crater could have preserved ancient organic molecules from the water that flowed there billions of years ago
Valve quietly closes down hardware initiatives launched following Windows 8
Scientists create a virtual reality simulation of a black hole sitting at the centre of the Milky Way
Simulations like this can help people understand complicated systems in the universe in a better way
The most luminous galaxy ever discovered is cannibalising at least three of its smaller neighbours, study finds
The galaxy radiates at 350 trillion times the luminosity of the Sun