What I have learned from this vulnerability: Undocumented Test Interface in Cisco Small Business Devices

"Two adult Guinea Pigs"
Photo taken by Sandos on Wikipedia.

Recently Eloi Vanderbecken discovered a security hole on his home Internet gateway. An undocumented TCP port 32764 is listened on this gateway. Intruders can use this hole to reset administrator’s password and then gain control of that Internet gateway. There is a post about how Eloi discovered this security hole and possible way for an intruder to gain control.

The brand of that Internet gateway is Linksys, which was once part of Cisco System but now is part of Belkin. That is why I look more carefully about this case. Cisco published this report about the discovered security hole.

I have learned many things about this case.



Consider carefully about the risks before I choose non-popular network hardware.

Cisco System is a very big network hardware vendor. Even a company this big can make such trivial mistakes. What about other small network hardware vendors?

If the network to be installed is really serious, maybe I should not even consider risking my career just like a guinea pig.

Observe carefully about how the hardware vendor reacts to discovered vulnerabilities in other earlier cases.

Not all vendors could ever respond to discovered vulnerabilities of their products. If the product I choose is from such vendors, and when a really serious one is discovered, they could not do anything to help me out of the vulnerability, either.

Understand how I can report vulnerabilities before buying new network hardware.

Not all vendors provide communication channel for me to report security vulnerability. If it is not easy for me to understand, it is not easy for ethical hackers, either. When a real vulnerability is discovered, no one could easily notify product developers so they do not have any chance to fix them in time.

By the way, I now understand how to report any vulnerability to Cisco. It is defined here.

Do some basic security assessments before adopting new network hardware.

I should have basic port scanner tools such as NMAP handy. I can do a basic and important enough security assessment myself quickly.

Always have a contingency plan for Internet gateways.

In this case, Cisco System needs more days to provide patches to software. For most home users, it is acceptable. But if this is a business network, then I would be in big trouble exposing my network to all possible intruders on the Internet for that long time!

In this report: Cisco Security Advisory: Undocumented Test Interface in Cisco Small Business Devices

Software Versions and Fixes

Cisco will release free software updates that address the vulnerabilities described in this advisory by the end of January 2014. .....

Workarounds

There are no known workarounds that mitigate these vulnerabilities.

Maybe having additional firewall between the Internet and the vulnerable Internet gateway, or having a secondary Internet Service Provider using different DSL routers could be possible solutions to stop exposing my vulnerability to the whole Internet.


[Further Readings]

• Backdoor in wireless DSL routers lets attacker reset router, get admin | Ars Technica
• Cisco Security Advisory: Undocumented Test Interface in Cisco Small Business Devices
• Security Vulnerability Policy - Cisco Systems