MCP Insights

Cybersecurity Threat Advisory: Cisco Small Business Switches

Posted on July 16, 2020 by Mike Beagles

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their mission-critical communications networks and systems. Sign up to receive these advisories in your inbox as soon as they are released.

This week, there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory Summary

Technology provider Cisco Systems has warned its customers about a Remote Code Execution (RCE) vulnerability in its line of small business switches. Such a vulnerability enables a cyberattacker to access and make changes to a computer owned by another, without authority, and regardless of where the computer is located. Specifically, an RCE allows an attacker to take over a computer or server by running malicious software, such as malware.

An RCE vulnerability in some Cisco switches could allow an attacker to hijack their target’s session, gaining access to the web-based management interface.

Mission Critical Partners (MCP) advises patching affected devices and upgrading EOL hardware. However, please be aware that Cisco end-of-life (EOL) products will not be patched, according to the table provided below.

Technical Detail and Additional Information

Why Is This Noteworthy?

If a public safety agency’s network switch is compromised, the entire network is at the mercy of the cyberattacker. The agency risks its network becoming completely incapacitated if the attacker erases the switch configuration or locks the agency out of its network administrator accounts, which would prevent personnel from remediating the issue.

What Are the Risks?

If a cyberattacker has compromised an administrator account, he/she could disable security features on a public safety agency’s Cisco switches, which could aid the attacker in data exfiltration. An example of this is Address Resolution Protocol (ARP) cache poisoning, which is a type of attack that spoofs the media access control (MAC) address to steal network traffic meant for another machine.

What Are the Recommendations?

MCP recommends installing the patch released by Cisco. If an agency’s Cisco device has reached end of life, we highly recommend that the agency contact its Cisco representative to update the necessary hardware.

Affected Products:

  • 250 Series Smart Switches
    • Patch Available
  • 350 Series Managed Switches
    • Patch Available
  • 350X Series Stackable Managed Switches
    • Patch Available
  • 550X Series Stackable Managed Switches
    • Patch Available
  • Small Business 200 Series Smart Switches
    • No Patch Available/End of Life
  • Small Business 300 Series Smart Switches
    • No Patch Available/End of Life
  • Small Business 500 Series Stackable Managed Switches
    • No Patch Available/End of Life

Link to Patch Downloads:

The patch is available from Cisco's Software Center found at Cisco.com. Click “Browse all” and navigate to Switches > LAN Switches - Small Business.

If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.
