Cisco patches a security glitch affecting routers, switches and phones
Cisco has issued fixes for five security glitches that can be found in a wealth of its networked enterprise products – from switches and routers to web cameras and desktop VoIP phones.
The problems center around vulnerabilities in the implementation of the Cisco Discovery Protocol (CDP) that could let remote attackers take over the products without any user interaction. While no public exploit has been found, an attacker simply needs to send a maliciously crafted CDP packet to a target device located inside the network to take advantage of the weakness, Cisco stated.
Cisco’s CDP is a Layer 2 protocol that runs on Cisco devices and enables networking applications to learn about directly connected devices nearby, according to Cisco. It enables management of Cisco devices by discovering networked devices, determining how they are configured, and letting systems using different network-layer protocols learn about each other, according to Cisco.