Cisco Firmware Retrieval Vulnerability

Cisco Universal Small Cell devices are affected by a flaw that permits unauthenticated remote users to retrieve the firmware of the devices. This has prompted the company to come up with a patch for the affected systems.

The company has urged service providers that use the Universal Small Cell solutions to update their systems and install the patch, which resolves a security issue that seems to be quite serious.

Cisco's Universal Small Cell family is designed to help operators integrate 4G and 3G small cell services within IT infrastructure. The flaw can permit remote unauthenticated attackers to gain access to the firmware of the device. It also permits them to create a copy of the information.

The company's advisory stated that the vulnerability in Cisco Universal Small Cell devices can give a remote attacker access and permit them to retrieve information pertaining to the firmware. This information can be taken from Cisco's binary server. The advisory highlighted a problem in the binary server: it failed to enforce the certificate validation process. This implies that the retrieval process is not limited to Universal Small Cell devices.

If an attacker retrieves a valid key from a Universal Small Cell device, they would be able to access the information contained in the decrypted binary images, which even includes the service provider configuration. This information can pose a serious threat to the Universal Small Cell devices. The vulnerability can be attributed to the lack of enforcement of the certificate validation process by the binary server. The information that could be retrieved by the attacker could contain the IP addresses of the service providers of the device. Anybody could easily decrypt the binary images and gain access to the information on the Cisco Universal Small Cell device. All organizations that use Cisco Universal Small Cell solutions need to apply the patch immediately.
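As an added illustration (not taken from Cisco's advisory or from this article), the following Python audit flags a server-side TLS context that does not enforce client certificate validation. It assumes the server is meant to authenticate devices with TLS client certificates, which the article does not specify; the function names and the `device_ca_file` parameter are hypothetical.

```python
import ssl

def audit_client_auth(ctx):
    """Return findings for a server-side TLS context that should admit only
    clients presenting a certificate issued by a trusted device CA."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("CERT_NONE: server never requests a client certificate")
    elif ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("CERT_OPTIONAL: clients without a certificate still connect")
    # Requiring a certificate is meaningless without trust anchors to check it
    # against. (Certificates in a capath directory are only counted once used.)
    if ctx.cert_store_stats().get("x509_ca", 0) == 0:
        findings.append("no CA certificates loaded to validate client certificates")
    return findings

def default_server_context():
    # Python's default server-side context: verify_mode is CERT_NONE, so any
    # client that can reach the port completes the handshake.
    return ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)

def device_only_context(device_ca_file):
    # Hardened form: handshake fails unless the client presents a certificate
    # that chains to the CA in device_ca_file (hypothetical path, an assumption).
    # A real server would also call load_cert_chain() for its own certificate.
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=device_ca_file)
    return ctx

if __name__ == "__main__":
    for finding in audit_client_auth(default_server_context()):
        print("FINDING:", finding)
```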

The entire security industry was recently threatened by another flaw, in the Cisco ASA Software. Exploitation of that flaw can allow remote attackers to execute code remotely. Cisco seriously needs to come up with patches immediately for its affected solutions so that users do not get exploited by hackers.
