Cisco is warning enterprise customers of a medium-severity flaw in its Universal Small Cell devices which could allow attackers to remotely download the firmware.
The networking giant admitted that the vulnerability is due to the “insufficient enforcement” of the two-way certificate validation process by the Cisco-hosted binary server.
This means that a remote attacker could not only retrieve the firmware from a Cisco-hosted binary server but also the server provider configuration hints file.
It explained the significance of this:
“The hints file contains IP addresses of the device's provisioned service provider Cisco Universal Small Cell RAN Management System. The binary images retrieved from the image distribution service could be decrypted by an attacker who has previously retrieved a valid key from the flash of a Cisco Universal Small Cell device.”
No workarounds are available for the flaw, which is given a CVSS score of five.
Any customers considering software upgrades as a result should first check out the Cisco Security Advisories and Responses archive to check their level of exposure and a suitable upgrade path.
“In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release,” the advisory added.
“If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.”
Vulnerabilities at the firmware level appear to be an increasingly popular target for hackers and researchers alike.
FireEye warned last September of SYNful Knock, a “stealthy modification” of the firm’s router firmware which could lay hidden for months or years – giving attackers persistence and a sweeping view of data traveling in and out of an affected network.
Charlie Miller and Chris Valasek famously exploited deficiencies in firmware certificate security to remotely hack a Cherokee Jeep, allowing them to control the steering and brakes in a widely publicized piece of research debuted at Black Hat last year.
More recently, Juniper Networks was forced to issue an emergency advisory after backdoor code was found in ScreenOS software running on some of its firewalls.
Image credit: Ken Wolter / Shutterstock.com