Security

Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again

Better ban this gear from non-US core networks, right?

By Iain Thomson in San Francisco

151 SHARE

Right on cue, Cisco on Wednesday patched a security vulnerability in some of its network switches that can be exploited by miscreants to commandeer the IT equipment and spy on people.

This comes immediately after panic this week over a hidden Telnet-based diagnostic interface was found in Huawei gateways. Although that vulnerability was real, irritating, and eventually removed at Vodafone's insistence, it was dubbed by some a hidden backdoor perfect for Chinese spies to exploit to snoop on Western targets.

Which, of course, comes as America continues to pressure the UK and other nations to outlaw the use of Huawei gear from 5G networks over fears Beijing would use backdoors baked into the hardware to snatch Uncle Sam's intelligence.

Well, if a non-internet-facing undocumented diagnostic Telnet daemon is reason enough to kick Huawei kit out of Western networks, surely this doozy from Cisco is enough to hoof American equipment out of British, European and other non-US infrastructure? Fair's fair, no?

US tech giant Cisco has issued a free fix for software running on its Nexus 9000 series machines that can be exploited to log in as root and hijack the device for further mischief and eavesdropping. A miscreant just needs to be able to reach the vulnerable box via IPv6. It's due to a default SSH key pair hardcoded into the software, as Cisco explained:

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user.

The blunder, labeled CVE-2019-1804, was discovered and reported by Oliver Matula of ERNW Enno Rey Netzwerke in cooperation with ERNW Research.

It's one of 40-odd security patches Cisco emitted on Wednesday, fixing all sorts of holes from privilege escalation flaws to denial-of-service weaknesses in its products. And it's not the first time Cisco's had to patch over security shortcomings in its gear.

Yes, everything has bugs, from Cisco to Huawei, and Ericsson to Siemens kit. It's important they get fixed. It's just rather odd to see the US administration lean on its allies to ditch Huawei gear apparently out of fears of Chinese snooping via backdoors when its own homegrown offerings are just as flawed and open to remote access.

It's one thing for a nation to say it only wants gear it can trust on its networks; it's another to publicly pressure other countries into dumping their hardware providers. It just adds weight to the argument that America is simply upset its corporations are being undercut by Huawei and other manufacturers in China. ®

Sign up to our NewsletterGet IT in your inbox daily

151 Comments

More from The Register

Cisco and Pure shove mini AI in FlashStack converged systems

Entry-level AIRI equivalent

The latest convergence whodunnit: It was Hitachi Vantara and Cisco, in the channel, flogging big iron

Networking, storage collab hitting a data centre near you

Weird HyperFlex but OK: Cisco hops into bed with Schneider over edgy data centre designs

Hyperconverged infrastructure in an itty-bitty box

Good heavens, is it time to patch Cisco kit again? Prime Infrastructure root privileges hole plugged

Do the thing ASAP, you know how it works by now

Cisco emits 25 security bug fixes for IOS, takes second crack at patching WAN router SNAFUs

Updated Oh no, these patches kinda blow, go go Switchzilla!

NX-OS-hit! Got Cisco Nexus and MDS 9000 switches? Then you've got patching to do, too

Oof. Crop of vulns include remote code execution as root

Better late than never: Cisco's software-defined networking platform ACI finally lands on AWS

Go hybrid or go home

Cisco whispers the three little words to really get an ASR 9000 net admin's blood pumping: Remote unauthenticated access

Critical patch available now for those with vulnerable kit

China trade tariffs? Fuhgeddaboudit, say Cisco execs. We, er, shifted some production

Switchzilla takes slow boat from Middle Kingdom amid Prez Trump's latest hike

Cisco snaps up Brit networking software bods Ensoft

From main customer to owner