FragmentSmack Vulnerability Affects Several Cisco Products

Cisco website homepage. It is an American multinational that develops and sells networking hardware and other high-technology services and products. Cisco logo visible.

A list of 88 Cisco products—mostly operating in the Linux environment—have been found to be carrying the “FragmentSmack” security vulnerability.

Cisco is suddenly finding itself in a bind since a large number of its products have been discovered to be vulnerable.

For the record, though a majority of the devices in the list of 88 products identified are related to the Linux kernel, there are other operating systems such as Windows that have been affected as well.

The reports suggested that the flaw in the security of these devices was named FragmentSmack, but another flaw which was named SegmentSmack has been added as well.

It has been established that these vulnerabilities expose the devices to possible attacks which are of the distributed denial of service (or DDoS) type.

Cisco, the company that manufactures these devices, has acknowledged that these vulnerabilities indeed exist and it is issuing patches to address the issue.

Flaw Detected and Informed to Customers

When such serious security flaws are detected, cybersecurity researchers first share the details with their findings and screenshots with the companies involved. Only in cases where the stakeholders fail to initiate any action to remedy, the flaws go public.

In other cases, once the remedial patches are dispatched to the end users, the details are shared on related forums and brought into the public domain.

In this case, since the Linux Kernel was in the midst of the crisis, they were informed in the month of August and their resellers were immediately advised of the issue. They are also understood to have set the flaw right at their customers’ ends.

Large setups like Amazon and Juniper Networks are listed as firms where the Cisco devices were in use, and they have also been supplied with the patches to take care of the FragmentSmack vulnerability.

More Details on FragmentSmack

Close-up of Cisco products brand at SMAU, international fair of business intelligence and information technology October 20, 2010 in Milan, Italy.

Cisco is suddenly finding itself in a bind since a large number of its products have been discovered to be vulnerable.

For those who are not very conversant with DDoS attacks, these are disruptions where the attacker or hacker sends a huge volume of data to the targeted system—resulting in the user getting messages on the screen denying access to even basic services. That is the reason this name has been given.

And as one would have expected, in the FragmentSmack vulnerability (identified as CVE-2018-5391), the hackers are able to choke the CPU by overloading it with fragmented IP addresses.

Another factor that has emerged is that the version 3.9 of Linux Kernel and above are the ones directly affected. Cisco has therefore gone about identifying the products in its catalogue that would be carrying the vulnerability and sharing the information with all affected parties for damage control.

In addition, Windows has also addressed the FragmentSmack vulnerability in a security advisory, as its systems are affected as well.

List of Affected Products Is Published

In a security advisory, Cisco has put out a complete list of the affected products. As indicated, they are 88 in number and some of the products—such as switches and routers—appear more frequently.

The sub-brands appearing in this list are Nexus (switches), Unified Communications and Unified Computing. TelePresence is another brand where products have been added to the list with vulnerability.

Solutions on Their Way

Cisco first released some patches so that the end users of their products are not affected by the vulnerability.

One factor to note here is that DDoS attacks, by nature, do not last for long durations. Once the population of IP addresses comes down, the system may be restored to its normal functioning.

The user may have to run a security scan immediately to ensure no bugs have been left behind by the attacker and carry on using the system until the permanent remedy in the form of the patch arrives and is downloaded and installed.

Cisco is further engaged in verifying if its Cisco Application Policy Infrastructure Controller (APIC) Enterprise module has been spared the security flaw or if it too has been affected.

Security flaws in hardware are more difficult to manage as the physical stocks could be lying dispersed in multiple locations and will be in packed condition.

To have the vulnerable products segregated at the warehouses and at resellers’ premises, and then keeping a track of them to remove the vulnerability at the time of its sale and installation, can pose a huge challenge to the people involved at various levels.

Additionally, the customers using the devices need to be contacted and informed of the vulnerability, and corrective action needs to be initiated without any delay.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.