Cisco Attacks
Routers and switches are network devices that provide access to servers and desktops
within an enterprise. Businesses that take their network seriously and are of a decent
size are likely to have routers that can be managed over the network,
often using SSH
to gain access to the device remotely. The router is a gateway device that has only a
single network on the inside and everything else on the outside. This is different from
getting an enterprise-grade router, which uses routing
protocols like Open Shortest
Path First (OSPF), Interior Border Gateway Protocol (I-BGP), or Intermediate Sys‐
tem to Intermediate System (IS-IS).
Switches in enterprise networks also have management capabilities, including man‐
agement of virtual local area networks (VLANs), Spanning Tree Protocol (STP),
access mechanisms, authentication of devices connecting to the network, and other
functions related to layer 2 connectivity.
As a result, just like routers, these switches
typically have a management port that allows access from the network to manage the
devices.
Both
routers and switches, regardless of the vendor, can have vulnerabilities. They do,
after all, run specialized software. Anytime there is software, there is a chance for
bugs. Cisco has a large market share in the enterprise space. Therefore, just as with
Microsoft Windows, Cisco is a big target for writing software for exploitation. Kali
has tools related to Cisco devices. These exploitations
of Cisco devices may create
denial-of-service conditions, allow for the possibility of other attacks to succeed, or
provide an attacker access to the device so configurations may be changed.
About Firmware
Routers and
switches run software, but they run it from a special
place. Instead of the software being stored onto a disk and loaded
from there, it is written into microchips called
application-specific
integrated circuits
(ASICs). When software is stored in hardware in
this manner, it is referred to as
firmware
.
Some of the tools used for searching for vulnerabilities can also be used to exploit. A
tool like the CAT will not only search for Cisco devices on a network but will also
perform brute-force attacks against those devices. If these devices have weak authen‐
tication, meaning
they are poorly configured, this is a vulnerability that can be exploi‐
ted. A tool like
CAT
could be used to acquire passwords to gain access to the devices.
That’s a simple vulnerability and exploit.
