Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again

Better ban this gear from non-US core networks, right?

Right on cue, Cisco on Wednesday patched a security vulnerability in some of its network switches that can be exploited by miscreants to commandeer the IT equipment and spy on people.

This comes immediately after panic this week over a hidden Telnet-based diagnostic interface was found in Huawei gateways. Although that vulnerability was real, irritating, and eventually removed at Vodafone's insistence, it was dubbed by some a hidden backdoor perfect for Chinese spies to exploit to snoop on Western targets.

Which, of course, comes as America continues to pressure the UK and other nations to outlaw the use of Huawei gear from 5G networks over fears Beijing would use backdoors baked into the hardware to snatch Uncle Sam's intelligence.

Well, if a non-internet-facing undocumented diagnostic Telnet daemon is reason enough to kick Huawei kit out of Western networks, surely this doozy from Cisco is enough to hoof American equipment out of British, European and other non-US infrastructure? Fair's fair, no?

US tech giant Cisco has issued a free fix for software running on its Nexus 9000 series machines that can be exploited to log in as root and hijack the device for further mischief and eavesdropping. A miscreant just needs to be able to reach the vulnerable box via IPv6. It's due to a default SSH key pair hardcoded into the software, as Cisco explained:

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user.

The blunder, labeled CVE-2019-1804, was discovered and reported by Oliver Matula of ERNW Enno Rey Netzwerke in cooperation with ERNW Research.

It's one of 40-odd security patches Cisco emitted on Wednesday, fixing all sorts of holes from privilege escalation flaws to denial-of-service weaknesses in its products. And it's not the first time Cisco's had to patch over security shortcomings in its gear.

Yes, everything has bugs, from Cisco to Huawei, and Ericsson to Siemens kit. It's important they get fixed. It's just rather odd to see the US administration lean on its allies to ditch Huawei gear apparently out of fears of Chinese snooping via backdoors when its own homegrown offerings are just as flawed and open to remote access.

It's one thing for a nation to say it only wants gear it can trust on its networks; it's another to publicly pressure other countries into dumping their hardware providers. It just adds weight to the argument that America is simply upset its corporations are being undercut by Huawei and other manufacturers in China. ®




Biting the hand that feeds IT © 1998–2019