NETWORK HIT HARD
With the general router and critical vulnerabilities in Policy Suite of Cisco out in public domain, we can well imagine the route we are on. Can there be a technical regulatory regime which can give the user a fair idea as to the risk he is in for? Or that the risk is unknown? Can there be an independent testing mechanism? The irony of the situation is that nobody knows what hardware / software is compromised. It’s a grim situation. Cisco is the biggest player in the network market in the world.
American Consumer Institute’s latest study shows that 83% of the routers in the US are prone to cyberattacks. Majority of these routers have critical vulnerabilities emanating out of lack of firmware updates. In a total testing sample of 186 routers from manufacturers like Netgear and Linksys, 155 were found to be vulnerable to cyberattacks. Astonishingly, there were 172 vulnerabilities per router and in all 32,003 vulnerabilities. Every single vulnerability can create a havoc, each vulnerability takes a different skills set to hack; with 21% being ranked high, 60% as medium and 12% as low. The story dealing with Cisco is equally scary. Though the IT networking giant claims to have patched critical vulnerabilities in the Policy Suite, yet there is need to know what the vulnerabilities were? The first vulnerability “could allow an unauthenticated, remote attacker to connect directly to the Policy Builder Database.” Another one, a worst security flaw permits attackers to act as root and execute arbitrary code.
The third bug CVE-2018-0376 is another unauthenticated access problem. “A successful exploit could allow the attacker to make changes to existing repositories and create new repositories.” The last vulnerability pertains to the lack of authentication within the OSGi interface. Hacker can directly connect to the interface and do whatever damage he wants. While we move on to the Internet of Things, this is the status of the network today.
A SECURE NETWORK IS THE FIRST PREREQUISITE OF A SECURE INTERNET.