Cisco Tracing Tool Exploited To Hoover Up Massive Data

Cisco Tracing Tool Exploited To Hoover Up Massive Data

Brazilian security researchers Joaquim Espinhara and Rafael Silva were able to exploit a default feature in Cisco routers to collect data massive amount of data. 

The default feature called "Embedded Packet Capture (EPC)" was designed as a troubleshooting and tracing tool that allows network administrators to capture data packets flowing through a Cisco router.

In order to abuse this feature, the attacker would need privileged user access, according to the researchers.

"There is no disable mode for this feature. Because this feature is commonly used for troubleshooting network problems. Cisco have to implement some features that would stop OR [make] difficult this approach to abusing EPC," Silva explained.

Researchers developed a proof-of-concept hack by using multiple Cisco routers configured with default accounts to send data traffic to a repository.  An attacker can easily extract sensitive information from the captured raw packets.

Cisco spokesman said, "We are aware of the Embedded Packet Capture-related presentation at the upcoming security conference. We've reached out to the presenters to understand more about their research and what implications, if any, it has for our customers. We have no reason to believe that a new security vulnerability will be disclosed, but stand ready to provide advice to customers in accordance with our Security Disclosure Policy."

"Our best advice to customers is to ensure appropriate user access controls are in place", the spokesman added.

Today, the researchers are presenting their research with the release of the Mimosa Framework 1.0 source code ( Network kit exploitation framework) at the Infiltrate security conference in Miami.

No comments

Powered by Blogger.