In April 2023, Cisco issued security advisories for several of its products. While it’s normal for technology companies to release security patches for vulnerabilities, this instance stands out. Some of the vulnerabilities were super risky.
The patched Cisco products also included hardware, the ASR 5000 Series routers. The other impacted products included the Industrial Network Director (IND), Modeling Labs, and BroadWorks Network Server.
What’s extraordinary is that most security flaws were critical and required immediate fixes. The news essentially reiterates the importance of maintenance for security. Whether it’s hardware or the software running on it, maintenance and support are key to preventing malicious parties from exploiting vulnerabilities.
Cisco’s ASR 5000 Series routers had critical vulnerabilities, mainly in StarOS, the OS for these routers, and other products. The vulnerability (CVE-2023-20046) results in privilege escalation with key-based SSH authentication.
Here’s what could happen if someone exploited this particular vulnerability of the routers:
An attacker can send an authentication request over SSH using an IP address linked with a high-privilege account. However, instead of providing the SSH key for that particular account, they could provide the SSH keys for a low-privilege account.
In other words, the system was accepting low-privilege SSH keys as high-privilege. Because of this weakness, anyone with low-privilege SSH keys could access things only reserved for high-privilege access.
Updating StarOS to the latest version with the security patch fixes this vulnerability, which is quite critical and exposes high-level access privileges.
The Cisco IND received two patches for its vulnerabilities, one of which was critical. The critical flaw CVE-2023-20036 impacted the web-based user interface. Exploiting this vulnerability, remote attackers could execute commands on the Windows OS with administrative rights. This is because of improper input validation when uploading Device Packs.
Modeling Labs, a network simulation tool, was also impacted by a similar critical vulnerability that could allow an attacker to get administrative access to the tool’s web interface.
Patch management refers to distributing and applying software updates, particularly fixing security vulnerabilities. These patches are essential for fixing the problem before it can be exploited.
Patches are distributed by hardware OEMs, OS, and software vendors, often soon after the vulnerability is identified. While OEMs and vendors can make the patches available, the responsibility to install and apply those patches falls on the customers.
Network equipment, OS, database management, and enterprise tools are often fixed with patches. For enterprises with a large IT footprint, there’s a clear need for processes regarding patch management. With many IT assets in use, it’s imperative to keep tabs on any announcements of patch releases.
Furthermore, patching the vulnerability isn’t the only option. Depending on the specific vulnerability, there may be workarounds, such as compensating controls.
Patch management is essentially a part of security management. However, it’s also intrinsically linked with IT asset management. Effective asset management is critical for identifying vulnerabilities and implementing solutions (including security patches).
Without an effective patch management system, enterprises risk being unaware of critical security vulnerabilities and not applying the patches in time to prevent exploitation.
(Source: data)
According to a Ponemon Institute report, 57% of data breaches are attributed to poor patch management.
While OEMs and vendors announce patches online and notify customers through email, you don’t want to take the chance of missing the announcement.
In a multi-vendor environment with assets obtained from multiple channels, you may not even be notified in time. Therefore, it’s imperative to be proactive with security patches.
Here are the steps to effective patch management:
Most security patches are for software products, but there are also critical firmware patches for hardware. Hardware maintenance impacts overall infrastructure security.
The hardware that has not reached the end of support will continue to receive security patches for identified weaknesses. However, equipment that has reached the end of support from the OEM will usually not receive any more security patches. In such cases, enterprises must maintain the equipment with a third party.
Third-party maintenance (TPM) for legacy hardware can help identify and resolve security vulnerabilities even without official interference from the OEM.
As many enterprises continue to operate legacy equipment that has officially reached the end of service life (EOSL), TPM can be the alternative.
Vulnerability assessment, patch management, and hardware maintenance are crucial cybersecurity strategies for profound enterprise security.
Cisco’s announcement of multiple patches for critical security vulnerabilities should inspire enterprises to adopt standardized patch management and maintain hardware with up-to-date support contracts.
If security vulnerabilities are not fixed in time, your enterprise infrastructure can be exposed to data breaches and malware. Such security incidents are not uncommon and can cause damages worth millions.
If your enterprise runs on legacy equipment no longer supported by the OEM, PivIT’s short-term maintenance can be a viable alternative. With cost-effective device maintenance, you can ensure that any vulnerabilities and faults are dealt with immediately.
Learn more about OneCall, the holistic IT maintenance solution for long-term and short-term needs.