Security

Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again

Better ban this gear from non-US core networks, right?

By Iain Thomson in San Francisco

151 SHARE

Right on cue, Cisco on Wednesday patched a security vulnerability in some of its network switches that can be exploited by miscreants to commandeer the IT equipment and spy on people.

This comes immediately after panic this week over a hidden Telnet-based diagnostic interface was found in Huawei gateways. Although that vulnerability was real, irritating, and eventually removed at Vodafone's insistence, it was dubbed by some a hidden backdoor perfect for Chinese spies to exploit to snoop on Western targets.

Which, of course, comes as America continues to pressure the UK and other nations to outlaw the use of Huawei gear from 5G networks over fears Beijing would use backdoors baked into the hardware to snatch Uncle Sam's intelligence.

Well, if a non-internet-facing undocumented diagnostic Telnet daemon is reason enough to kick Huawei kit out of Western networks, surely this doozy from Cisco is enough to hoof American equipment out of British, European and other non-US infrastructure? Fair's fair, no?

US tech giant Cisco has issued a free fix for software running on its Nexus 9000 series machines that can be exploited to log in as root and hijack the device for further mischief and eavesdropping. A miscreant just needs to be able to reach the vulnerable box via IPv6. It's due to a default SSH key pair hardcoded into the software, as Cisco explained:

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user.

The blunder, labeled CVE-2019-1804, was discovered and reported by Oliver Matula of ERNW Enno Rey Netzwerke in cooperation with ERNW Research.

It's one of 40-odd security patches Cisco emitted on Wednesday, fixing all sorts of holes from privilege escalation flaws to denial-of-service weaknesses in its products. And it's not the first time Cisco's had to patch over security shortcomings in its gear.

Yes, everything has bugs, from Cisco to Huawei, and Ericsson to Siemens kit. It's important they get fixed. It's just rather odd to see the US administration lean on its allies to ditch Huawei gear apparently out of fears of Chinese snooping via backdoors when its own homegrown offerings are just as flawed and open to remote access.

It's one thing for a nation to say it only wants gear it can trust on its networks; it's another to publicly pressure other countries into dumping their hardware providers. It just adds weight to the argument that America is simply upset its corporations are being undercut by Huawei and other manufacturers in China. ®

Sign up to our NewsletterGet IT in your inbox daily

151 Comments

More from The Register

I can't believe you've done this: Cisco.com asks visitors to explain to IT why they have broken the website

Switchzilla's online presence beset by mysterious outages

Life's certainties: Death, taxes, and Cisco patching more serious vulnerabilities

Switchzilla closes off 18 CVE-listed holes, get to work

Four words from Cisco to strike fear into the most hardened techies: Guest account as root

Now is a very good time to patch your estate

The Joy of Six... critical security patches: Cisco small biz switches open to hijacking via web UI

Plus UCS and other gear need updates

Cisco delivers Patch Tuesday warmup with bundle of 18 bug fixes

Unified Comms, Jabber among targets for clean-up

Networking giant in hot water for selling US govt buggy spy kit? Huawei again? No, it's Cisco

American tech giant coughs up $9m for shipping vulnerable crates of crap to Uncle Sam

Cisco helps ease blight of tourism on Orkney's Wi-Fi hotspot network thanks to £4.3m grant

*grumble* Coming over here... hogging our internets *groan*

Cisco and Pure shove mini AI in FlashStack converged systems

Entry-level AIRI equivalent

The latest convergence whodunnit: It was Hitachi Vantara and Cisco, in the channel, flogging big iron

Networking, storage collab hitting a data centre near you

Weird HyperFlex but OK: Cisco hops into bed with Schneider over edgy data centre designs

Hyperconverged infrastructure in an itty-bitty box