Tough day for Cisco. A large number of Cisco software releases and devices were comprehensively pwned by US Gov spy agencies. This isn’t surprising, that’s what they are supposed to do, but now the details have been published on WikiLeaks.
This LinkedIn blog post outlines some of what has been found.
When I took a quick look at the WikiLeaks data, the range of possibilities is substantial, but they require access to the device itself. The Cisco post has details on the range of exploits in their response published today: http://blogs.cisco.com/security/the-wikileaks-vault-7-leak-what-we-know-so-far which says it’s too early to frame a response. I agree.
- Waiting to hear if other vendors are impacted; not known at this time, but it seems likely.
- Now that these vulnerabilities have been published, your networks are at risk.
- There isn’t much that Cisco can do yet.
- Cisco, as a dominant vendor, is a target because one exploit can be widely applied to more targets and because targets are likely to have Cisco assets.
- The published vulnerabilities are for older equipment but more recent documentation will be released in the next few weeks. It could get worse if newer equipment is also vulnerable.
- While it seems that Cisco has not done enough to harden their devices against these types of threats, it is too early to conclude that major flaws in process or culture exist.
- Security risks from nation state adversaries (aka CIA/NSA/GCHQ et al) are to be expected and, perhaps, accepted.
- It might be worth planning to upgrade your network instead of patching. If you had an orchestration system that does automated upgrades like SD-WAN vendors or modern SDN-DC platforms, this would have less impact.
Anything else? I’ll try to keep updated on this and share more as I find it.