If you look at the Cisco1001-X series router. You will realize that it doesn’t look so much similar to the one you have in your abode. Besides, it is quite bigger and less affordable making it a reliable and responsible tool for connectivity at corporate offices, stock exchanges, local mall, and a whole lot more. But recently, researchers found out a Cisco bug that might allow hackers to control any 1001-X router. This will risk the commands and data that flows across this Cisco router.
The researchers from Red Balloon revealed two vulnerabilities on the routers which include a bug found on the IOS (not the one from Apple) operating system of Cisco. Red Balloon is known as a security firm that put efforts in determining flaws on different devices, systems, as well as applications. Moreover, it was able to determine a flaw on the router that might probably allow any hacker to obtain root access remotely to the devices.
Apparently, this is not a usual vulnerability but this is bad. Most especially for routers. However, it can be fixed easily using a software patch.
On the other and, the second vulnerability is more sinister than the first one. As a matter of fact, researchers point out root access as the second Cisco bug. This is by showing that they can bypass the most important security protection of the router. It is known as Cisco’s Trust Anchor which is basically a security feature that you can find in nearly all of Cisco’s enterprise devices manufactured since the year 2013.
But aside from that, the fact that Red Balloon was capable of demonstrating a method of bypass the router using a single device just like a Cisco bug tracker. It only shows that the scenario is really possible. The demonstration is an unexpected Cisco bug checker that reveals the need of the company to fix its Anchor Trust on a large number of Cisco units across the world. This includes enterprise routers, network switches, firewalls, and more.
Disabling Cisco’s Trust Anchor
Ang Cui, the CEO, and founder of Red Ballon has been known in the past due to revealing major vulnerabilities in Cisco. Cui says that they have shown in the demo that they are capable of persistently. And quietly disable the fundamental security feature of most Cisco devices called the Trust Anchor. Cui also added that the demo only shows that they can make arbitrary changes as she put it, it a Cisco router. Moreover, the Trust Anchor will continue to show that the Cisco device remains trustworthy.
If you seem to rely on Cisco bug search tool for your project. But you get to see this news about Cisco devices having a bug. Will you still trust the reliability of the brand? Well, you can still reconsider it right? However, if the company won’t make a move on regaining the trust of its users. Then better yet look for a more solid brand or just stick to it. And cross your fingers for any trouble you’ll face after.