it.ucsf.edu

Security Update:Cisco Warns of Attackers Hijacking Cisco IOS Devices

Status Type

Security Update

Date and Time

Friday, August 14, 2015 - 08:50

Reason

Security Update

Impact

Cisco IOS Devices

 

WHAT HAPPENED?
Cisco Systems officials are warning customers of a series of attacks that completely hijack critical networking gear. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image.

Advanced Users: For a complete description of the security enhancements and affected software refer to Evolution in Attacks Against Cisco IOS Software Platforms at http://tools.cisco.com/security/center/viewAlert.x?alertId=40411.


AFFECTED SYSTEMS:

  • Cisco IOS devices


WHAT'S THE PROBLEM?

Successful exploitation using this image could allow an attacker to manipulate device behavior after the device is rebooted.


WHAT DO I NEED TO DO?

Cisco recommends:

1. Users of Cisco IOS devices review these documents to understand the types of threats against Cisco IOS devices.

2. Ensure operational procedures include methods for preventing and detecting compromise.



RELATED LINKS