As reported by Wired, researchers say that a crop of recently discovered flaws in Cisco enterprise products—like desk phones, web cameras, and network switches—could be exploited to penetrate deep into corporate networks. Because Cisco dominates the network equipment market, the bugs impact millions of devices.
All software has flaws, but embedded device issues are especially concerning given the potential for espionage and the inherent complexity of patching them. These particular vulnerabilities, found by the enterprise security firm Armis, can also break out of the “segmentation” IT managers use to silo different parts of a network, like a guest Wi-Fi, to cause widespread issues.
Jake Moore, Cybersecurity Expert at ESET:
“Cisco will always be targeted due to the huge numbers they operate on. However, the interesting aspect of this case is that these flaws could possibly be exploited by someone on the inside, which tends to be forgotten about in countless firms.
Usually automatic updates are the best way to protect against this type of threat, but so many of these devices do not allow auto updates and therefore become vulnerable very quickly even once a flaw is known. IT managers need to be aware of the risks and immediately update where possible before anyone is able to take advantage of this threat.”