Security

Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again

Better ban this gear from non-US core networks, right?


Right on cue, Cisco on Wednesday patched a security vulnerability in some of its network switches that can be exploited by miscreants to commandeer the IT equipment and spy on people.

This comes immediately after panic this week over a hidden Telnet-based diagnostic interface was found in Huawei gateways. Although that vulnerability was real, irritating, and eventually removed at Vodafone's insistence, it was dubbed by some a hidden backdoor perfect for Chinese spies to exploit to snoop on Western targets.

Which, of course, comes as America continues to pressure the UK and other nations to outlaw the use of Huawei gear from 5G networks over fears Beijing would use backdoors baked into the hardware to snatch Uncle Sam's intelligence.

Well, if a non-internet-facing undocumented diagnostic Telnet daemon is reason enough to kick Huawei kit out of Western networks, surely this doozy from Cisco is enough to hoof American equipment out of British, European and other non-US infrastructure? Fair's fair, no?

US tech giant Cisco has issued a free fix for software running on its Nexus 9000 series machines that can be exploited to log in as root and hijack the device for further mischief and eavesdropping. A miscreant just needs to be able to reach the vulnerable box via IPv6. It's due to a default SSH key pair hardcoded into the software, as Cisco explained:

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user.

The blunder, labeled CVE-2019-1804, was discovered and reported by Oliver Matula of ERNW Enno Rey Netzwerke in cooperation with ERNW Research.

It's one of 40-odd security patches Cisco emitted on Wednesday, fixing all sorts of holes from privilege escalation flaws to denial-of-service weaknesses in its products. And it's not the first time Cisco's had to patch over security shortcomings in its gear.

Yes, everything has bugs, from Cisco to Huawei, and Ericsson to Siemens kit. It's important they get fixed. It's just rather odd to see the US administration lean on its allies to ditch Huawei gear apparently out of fears of Chinese snooping via backdoors when its own homegrown offerings are just as flawed and open to remote access.

It's one thing for a nation to say it only wants gear it can trust on its networks; it's another to publicly pressure other countries into dumping their hardware providers. It just adds weight to the argument that America is simply upset its corporations are being undercut by Huawei and other manufacturers in China. ®

Send us news
150 Comments
Get our Security newsletter

Keep Reading

Cisco intros desktop switches, one with USB-C to power your laptop

Fibre-to-the-desk is the driver because it allows longer connections and fewer physical frames

Whatever 4D chess Acacia was playing has worked: Cisco merger back on after ante upped 64% to $4.5bn

Switchzilla's enlarged offer accepted after smaller biz tried to stall acquisition

Cisco drags Acacia toward court to keep stalled $2.6bn acquisition on track

Smaller biz terminates deal after Chinese watchdogs dither

Cisco warns VMware vCenter bug puts hyperconverged tin in ‘unrecoverable’ state

Whatever you do, don’t run vCenter Server 7.0 U1 on HyperFlex. Just don’t go there unless you want horrible pain. Clear enough warning?

It's 2021 and you can hijack a Cisco SD-WAN deployment with malicious IP traffic and a buffer overflow. Patch now

And also fix up these other holes that can be exploited via HTTP requests, SQL injection, etc

Cisco reveals a probe of 'self-enrichment scheme' involving ex-employees in China

Also lifts lid on allegations former workers paid staffers of 'state-owned enterprises'

Cisco reveals critical bug in small biz VPN routers when half the world is stuck working at home

And we all know how good small business are at patching... NOT

Cisco predicts sunlit uplands after COVID-19. For now, though, sales are flat

Reckons the world is going to re-wire and revisit security

Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos

Masslogger evolution rears its ugly head, $30 gets you three month license to cause carnage

Cisco restores evidence of its funniest FAIL – ethernet cable presses switch's reset button

At least it’s a better excuse than Switchzilla’s ‘cosmic radiation errors’

Tech Resources

5 Things To Consider When Choosing An APM Tool

The goal: to reach a state of observability where the whole picture is detailed and constantly up-to-date — with monitoring and alerts that take it all into consideration.

VDI Made Simple

Industry-proven Solutions for VDI with Titntri and Citrix.

Breakthrough Efficiency in NLP Model Deployment

As Natural Language Processing (NLP) models evolve to become ever bigger, GPU performance and capability degrades at an exponential rate, leaving organizations across a range of industries in need of higher quality language processing, but increasingly constrained by today’s solutions.

Toolkit: Getting Started with Vulnerability Risk Management

Reducing risk across your complete, modern attack surface is no small undertaking, but you don’t have to go at it alone.