Saturday, May 18, 2024

Malicious Cisco Code Circulating

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The release of a hacking toolkit to exploit security holes in
several Cisco products has sent the networking giant scrambling to announce patches and

The San Jose, Calif., company confirmed malicious hackers were circulating
code that could be used to run denial-of-service attacks
against multiple products in an advisory.

“Customers should take steps to ensure that they have addressed each of
these either via a software upgrade or workarounds in place as appropriate
in order to mitigate any risk from this new exploit code,” Cisco warned.

The “Cisco Global Exploiter” exploit code was released to underground
hacking Web sites over the weekend and could be used to attack nine Cisco
vulnerabilities. The hacking toolkit, which was seen by, includes very specific references to the targeted
Cisco security holes.

While most are denial-of-service vulnerabilities, one
flaw in the Cisco Broadband Operating System (CBOS) could lead to buffer
overflows and router takeovers.

Vulnerabilities that could be targeted by the exploit code include the
Cisco IOS Router DoS flaw; Cisco IOS HTTP Auth Vulnerability; Cisco IOS HTTP
Configuration Arbitrary Administrative Access Vulnerability; Cisco Catalyst
SSH Protocol Mismatch DoS Vulnerability; Cisco Catalyst SSH Protocol
Mismatch Vulnerability; and the Cisco 675 Web Administration Denial of
Service Vulnerability.

The company also warned hackers could unleash the infamous “Code Red” worm with the toolkit. Cisco’s advisory contained specific
patches and workaround that have previously been available.

It is not the first time that an active exploit targeting a known
vulnerability in Cisco routers and switches has been released on the

Last July, a “fully functioning exploit tool” was released on
the Full Disclosure security mailing list. The
company started receiving reports of Cisco routers under attack immediately after the tool appeared.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles