Use Cisco IOS XE Software? Have You Tried Turning It Off And Burning It?

Source: The Register Use Cisco IOS XE Software?  Have You Tried Turning It Off And Burning It?

It’s Not Thousands Of Devices Vulnerable, It’s Thousands Already Infected!

Cisco and their users have two immense problems right now, and only one is the day 0 exploit that affects all devices running IOS XE software.  The second is that Cisco’s initial communications implied that it had seen the exploit used on a couple of machines when the truth is that the flaw was discovered thanks to odd behaviour on somewhere between 10,000 to 80,000 active appliances.   With numbers that high, you pretty much have to assume you are infected and someone other than you has complete and utter control over your network traffic.  Turn them off if you can, explain to your security team the repercussions if you are told you cannot.

There is no patch nor workaround to protect IOS XE software that uses the HTTP Server feature, either plain or HTTPS and so both should be disabled.  That is all nice and fine, but as more details emerge it seems unwise to assume you are safe if you do so.  This flaw has been exploited since at least September 18, giving the attacker a month to gain control over your machine.  Even if you disable the new flaw, the local user created by the attacker is still able to exploit the CVE-2021-1435 vulnerability which Cisco patched over two years ago.  To make this clear, the attacker can exploit CVE-2021-1435 even if your device is fully patched against it and has been for years.

You should never be running the HTTP Server feature on a device which is exposed to the internet, but these things happen unintentionally as well as by those ignoring best practices and thus you have your Severity 10 exploit.

"We have also seen devices fully patched against CVE-2021-1435 getting the implant successfully installed through an as of yet undetermined mechanism," Cisco’s threat intel team wrote.

Video News

About The Author

Jeremy Hellstrom

Call it,, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!